CERT-In Vulnerability Note CIVN-2006-125
Microsoft Word Document Handling Memory Corruption and Code Execution Vulnerability

Original Issue Date: December 06, 2006
Updated : February 14, 2007

Severity Rating: High

Systems Affected

• Microsoft Word 2000
• Microsoft Word 2002
• Microsoft Word 2003
• Microsoft Word Viewer 2003
• Microsoft Works 2004, 2005, and 2006

Overview

A vulnerability has been reported in Microsoft Word which could be exploited by an attacker to take complete control of the system.

Description

The vulnerability is caused due to a memory corruption error when handling malformed documents.

The attacker could exploit this vulnerability by creating and sending specially crafted word document to the affected user and could persuade user into opening the document and could execute the arbitrary commands to take complete control of the affected system.

Workaround

Do not open or save Word files received from un-trusted sources.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS07-014

References

Microsoft
http://www.microsoft.com/technet/security/advisory/929433.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/4866

CVE Name
CVE-2006-5994

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003