|CERT-In Vulnerability Note
Microsoft Office Word Remote Code Execution Vulnerability
Original Issue Date:November 11, 2009
Severity Rating: HIGH
- Microsoft Office Word 2002 SP 3
- Microsoft Office Word 2003 SP 3
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Word Viewer 2003 SP 3
- Microsoft Office Word Viewer
A vulnerability has been identified in Microsoft Office Word, which could be exploited by attackers to compromise a vulnerable system.
The vulnerability exists because Microsoft Word does not properly handle malformed documents.
An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to open a malicious document. If the user opens the file, the attacker could execute arbitrary code with the privileges of the user.
Do not open Word documents received from untrusted sources Use the Microsoft Office Isolated Conversion Environment MOICE when opening files from unknown or untrusted sources
For detailed steps of these workaround refer to Microsoft Security Bulletin MS09-068
Apply appropriate patches as mentioned in Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003