---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Microsoft Office Word Two Vulnerabilities SECUNIA ADVISORY ID: SA35377 VERIFY ADVISORY: http://secunia.com/advisories/35377/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when parsing certain records can be exploited to cause a buffer overflow via a specially crafted Word document. 2) Another boundary error when parsing certain records can be exploited to cause a buffer overflow via a specially crafted Word document. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Microsoft Office Word 2000 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=3663e9f2-a952-4238-b902-90b5b09feb38 Microsoft Office Word 2002 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=f1323be1-15f2-491b-abae-c03ba1394398 Microsoft Office Word 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=7cbc2587-2c8c-49b4-9f40-e4cdccb61ecd Microsoft Office Word 2007 SP1: http://www.microsoft.com/downloads/details.aspx?familyid=7e205108-4c28-4cab-a4d0-4ed3fd696473 Microsoft Office Word 2007 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=7e205108-4c28-4cab-a4d0-4ed3fd696473 Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550 Microsoft Office 2008 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58 Open XML File Format Converter for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6 Microsoft Office Word Viewer 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=82980a40-f10c-4f02-b06c-3a12d4434a6b Microsoft Office Word Viewer: http://www.microsoft.com/downloads/details.aspx?familyid=82980a40-f10c-4f02-b06c-3a12d4434a6b Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1: http://www.microsoft.com/downloads/details.aspx?familyid=63bd8f14-e736-46ce-af66-d30f17461e5a Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2: http://www.microsoft.com/downloads/details.aspx?familyid=63bd8f14-e736-46ce-af66-d30f17461e5a PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Wushi of team509 via ZDI. 2) The vendor credits Nicolas Joly, Vupen Security. ORIGINAL ADVISORY: MS09-027 (KB969514, KB969600, KB969602, KB969603, KB969604, KB969613, KB969614, KB969661, KB971822, KB971824): http://www.microsoft.com/technet/security/Bulletin/MS09-027.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------