Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Microsoft Word (multiple bugs)
дополнено с 8 мая 2007 г.
Опубликовано:10 мая 2007 г.
Источник:
SecurityVulns ID:7678
Тип:клиент
Уровень опасности:
6/10
Описание:Переполнение массива, повреждения памяти при разборе потоков и файлов RTF.
Затронутые продукты:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
CVE:CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability.")
 CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.)
 CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability.")
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corruption Vulnerability (10.05.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) (08.05.2007)
Файлы:Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород