----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Microsoft Office Word Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA30285

VERIFY ADVISORY:
http://secunia.com/advisories/30285/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Microsoft Office 2000
http://secunia.com/advisories/product/24/
Microsoft Office XP
http://secunia.com/advisories/product/23/
Microsoft Office 2003 Professional Edition
http://secunia.com/advisories/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/advisories/product/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/advisories/product/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/advisories/product/2278/
Microsoft Office 2007
http://secunia.com/advisories/product/13228/
Microsoft Word 2000
http://secunia.com/advisories/product/2149/
Microsoft Word 2002
http://secunia.com/advisories/product/2150/
Microsoft Word 2003
http://secunia.com/advisories/product/4908/
Microsoft Office Word 2007
http://secunia.com/advisories/product/14703/
Microsoft Outlook 2007
http://secunia.com/advisories/product/13799/
Microsoft Word Viewer 2003
http://secunia.com/advisories/product/5523/
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats
http://secunia.com/advisories/product/14165/
Microsoft Works 8.x
http://secunia.com/advisories/product/7215/
Microsoft Office 2004 for Mac
http://secunia.com/advisories/product/8713/
Microsoft Office 2008 for Mac
http://secunia.com/advisories/product/17922/
Microsoft Open XML File Format Converter for Mac
http://secunia.com/advisories/product/20148/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office Word,
which can be exploited by malicious people to compromise a user's
system.

1) An unspecified error when parsing certain records can be exploited
to corrupt memory via a specially crafted Word file.

2) An integer overflow error exists when calculating the space
required for the specified number of points in a polyline or polygon.
This can be exploited to cause a heap-based buffer overflow during
parsing of objects in Rich Text Format (.rtf) files e.g. when a user
opens a specially crafted .rtf file with Word or previews a specially
crafted e-mail.

3) An unspecified error when parsing certain records can be exploited
to corrupt memory via a specially crafted Word file.

4) An unspecified error when parsing control words in RTF files can
be exploited to corrupt memory via a specially crafted RTF file.

5) An unspecified error when parsing control words in RTF files can
be exploited to corrupt memory via a specially crafted RTF file.

6) An unspecified error when parsing control words in RTF files can
be exploited to corrupt memory via a specially crafted RTF file.

7) An unspecified error when parsing strings in RTF files can be
exploited to corrupt memory via a specially crafted RTF file.

8) An unspecified error when parsing certain records can be exploited
to corrupt memory via a specially crafted Word file.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office Word 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=43e8c4d8-307b-48f6-ac99-a9617421d40a

Microsoft Office Word 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3ef41412-50b3-4077-b0e3-9a3704d2f876

Microsoft Office Word 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=45c81c60-4b1b-4246-839b-198ebc4eeae2

Microsoft Office Word 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37

Microsoft Office Outlook 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37

Microsoft Office Word 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37

Microsoft Office Outlook 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37

Microsoft Office Word Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c

Microsoft Office Word Viewer 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970

Microsoft Works 8 (requires update to Works 8.5):
http://www.microsoft.com/downloads/details.aspx?familyid=1537d181-90d9-4bb5-b5ae-8d9990a349af

Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820

Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AB31A564-43D2-45BD-98BF-19E9CA477B62

Open XML File Format Converter for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EDB6CD8F-832C-4123-8982-AC0C601EA0A7

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Ricardo Narvaja, Core Security Technologies.
2) Dyon Balding, Secunia Research.
3) The vendor credits Yamata Li, Palo Alto Networks.
4) The vendor credits Wushi via ZDI.
5) The vendor credits Aaron Portnoy, TippingPoint DVLabs.
6) The vendor credits Wushi of team509 via ZDI.
7) The vendor credits Aaron Portnoy, TippingPoint DVLabs.
8) The vendor credits Wushi and Ling via ZDI.

ORIGINAL ADVISORY:
MS08-072 (KB957173):
http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

Secunia Research:
http://secunia.com/secunia_research/2008-21/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------