BID:22567

Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability

Info

Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability

Bugtraq ID:	22567
Class:	Unknown
CVE:	CVE-2007-0870
Remote:	Yes
Local:	No
Published:	Feb 14 2007 12:00AM
Updated:	May 10 2007 05:49PM
Credit:	This issue was reported by the vendor.
Vulnerable:	Microsoft Word 2002 SP3 Microsoft Word 2002 SP2 + Microsoft Office XP SP2 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Word 2002 SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 alpha - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Word 2002 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 alpha - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Word 2000 SR1a + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Word 2000 SR1 + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Word 2000 SP3 + Microsoft Office 2000 SP3 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Word 2000 SP2 + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Word 2000 + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Office XP SP3 + Microsoft Excel 2002 SP3 + Microsoft Excel 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft Publisher 2002 SP3 + Microsoft Publisher 2002 SP3 Microsoft Office XP SP2 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Office XP SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office XP - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2000 SP3 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Office 2000 SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2000 SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Avaya CIE 1.0

Not Vulnerable:	Microsoft Word 2007 0

Discussion

Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability

Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

Note that this issue is distinct from previous Word vulnerabilities. This issue has been assigned CVE ID CVE-2007-0870.

Exploit / POC

Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability

This vulnerability is being publicly exploited.

Solution / Fix

Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

References

Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability

References:

Microsoft Homepage (Microsoft)
Microsoft Security Advisory (933052) (Microsoft)
Microsoft Security Advisory 933052 Published (Microsoft)
Microsoft Word Homepage (Microsoft )
Avaya Security Advisory ASA-2007-185 (Avaya )
Microsoft Security Bulletin MS07-024 (Microsoft )
Vulnerability Note VU#332404 - Microsoft Word fails to properly handle malformed (US-CERT)