Microsoft Word Memory Corruption Remote Code Execution Vulnerability
A vulnerability exists in Microsoft Word due to a memory corruption error when processing crafted RTF files. A remote attacker could exploit this vulnerability to execute arbitrary code on vulnerable systems.
Technical Analysis
Microsoft Word is a word processing application included as part of the Microsoft Office suite. A vulnerability exists in Microsoft Word 2003, 2007, 2010, 2013, and 2013 RT; Microsoft Word Viewer; the Microsoft Office Compatibility Pack; Microsoft Office for Mac 2011; Microsoft SharePoint Server 2010 and 2013; and Microsoft Office Web Apps 2010 and Office Web Apps Server 2013 due to improper handling of objects in memory when parsing RTF files. Parsing a specially crafted RTF file may allow remote attackers to corrupt memory and execute arbitrary code on vulnerable systems with the privileges of the logged-on user. Successful exploitation may lead to a system compromise if the user operates with administrative privileges.
Solution
The vendor has released an update to address this vulnerability. Users of Microsoft Word should apply Microsoft Fix it 51010, which can be downloaded from https://support.microsoft.com/kb/2953095.
References
- http://office.microsoft.com/en-us/word/
- http://support.microsoft.com/kb/2953095
- http://technet.microsoft.com/en-us/security/advisory/2953095