Microsoft Word 2000 Malformed Function Code Execution Vulnerability
BID:22225
Info
Microsoft Word 2000 Malformed Function Code Execution Vulnerability
| Bugtraq ID: | 22225 |
| Class: | Unknown |
| CVE: |
CVE-2007-0515 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2007 12:00AM |
| Updated: | Feb 13 2007 10:07PM |
| Credit: | Reported by Symantec. |
| Vulnerable: |
Microsoft Word 2000 SR1a Microsoft Word 2000 SR1 Microsoft Word 2000 SP3 Microsoft Word 2000 SP2 Microsoft Word 2000 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2000 SP3 Microsoft Office 2000 SP1 Microsoft Internet Explorer for Unix SP2 |
| Not Vulnerable: |
Microsoft Office Word 2007 0 Microsoft Office Word 2003 Viewer 0 |
Discussion
Microsoft Word 2000 Malformed Function Code Execution Vulnerability
Microsoft Word 2000 is prone to a remote code-execution vulnerability.
Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.
Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Malformed String Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).
Microsoft Word 2000 is prone to a remote code-execution vulnerability.
Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.
Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Malformed String Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).
Exploit / POC
Microsoft Word 2000 Malformed Function Code Execution Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Microsoft Word 2000 Malformed Function Code Execution Vulnerability
Solution:
Microsoft has released an advisory detailing updates to address this issue in supported versions of affected applications.
Microsoft Word 2000 SP3
Solution:
Microsoft has released an advisory detailing updates to address this issue in supported versions of affected applications.
Microsoft Word 2000 SP3
-
Microsoft Security Update for Word 2000 (KB929139)
http://www.microsoft.com/downloads/details.aspx?familyid=F1E61E6A-BE3D -4536-AF76-A11D5CE67199&displaylang=en
References
Microsoft Word 2000 Malformed Function Code Execution Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- Microsoft Word 2000 Exploit Download Page (xCuter)
- Microsoft Word Homepage (Microsoft )
- MS07-014 - Vulnerabilites in Microsoft Word Could Allow Remote Code Execution (Microsoft)