Microsoft Word RTF Parsing Remote Code Execution Vulnerability

Bugtraq ID:	23836
Class:	Unknown
CVE:	CVE-2007-1202
Remote:	Yes
Local:	No
Published:	May 08 2007 12:00AM
Updated:	May 10 2007 05:49PM
Credit:	iDefense Labs VCP is credited with the discovery of this vulnerability
Vulnerable:	Microsoft Works Suite 2006 0 Microsoft Works Suite 2005 0 Microsoft Works Suite 2004 Microsoft Word Viewer 2003 0 Microsoft Word 2004 for Mac 0 Microsoft Word 2003 + Microsoft Office 2003 SP1 + Microsoft Office 2003 0 Microsoft Word 2002 SP3 Microsoft Word 2002 SP2 + Microsoft Office XP SP2 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Word 2002 SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 alpha - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Word 2002 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 alpha - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Word 2000 SR1a + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Word 2000 SR1 + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Word 2000 SP3 + Microsoft Office 2000 SP3 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Word 2000 SP2 + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Word 2000 + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Microsoft Office XP SP3 + Microsoft Excel 2002 SP3 + Microsoft Excel 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft FrontPage 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft Outlook 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft PowerPoint 2002 SP3 + Microsoft Publisher 2002 SP3 + Microsoft Publisher 2002 SP3 Microsoft Office XP SP2 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Office XP SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2004 for Mac 0 Microsoft Office 2003 SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2003 0 + Microsoft Excel 2003 + Microsoft FrontPage 2003 + Microsoft InfoPath 2003 + Microsoft OneNote 2003 0 + Microsoft Outlook 2003 0 + Microsoft PowerPoint 2003 0 + Microsoft Publisher 2003 Microsoft Office 2002 0 Microsoft Office 2000 SP3 - Microsoft Windows 2000 Professional SP3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home SP1 - Microsoft Windows XP Home - Microsoft Windows XP Professional SP1 - Microsoft Windows XP Professional Microsoft Office 2000 SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Office 2000 SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Professional Microsoft Internet Explorer for Unix SP2 Microsoft Internet Explorer for Unix SP2 Avaya CIE 1.0
Not Vulnerable:	Microsoft Word 2007 0

Microsoft Word RTF Parsing Remote Code Execution Vulnerability

Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Microsoft Word RTF Parsing Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Microsoft Word RTF Parsing Remote Code Execution Vulnerability

Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.


Microsoft Word 2003

• Microsoft Security Update for Word 2003 (KB934181)
  http://www.microsoft.com/downloads/details.aspx?familyid=6870245D-4618 -4504-BFFC-878635267059&displaylang=en

Microsoft Word Viewer 2003 0

• Microsoft Security Update for Word Viewer 2003 (KB934041)
  http://www.microsoft.com/downloads/details.aspx?familyid=24547C65-C29A -4D0A-A015-F3F08B24331F&displaylang=en

Microsoft Works Suite 2005 0

• Microsoft Security Update for Word 2002 (KB934394)
  http://www.microsoft.com/downloads/details.aspx?familyid=F25020F5-17C7 -4A60-9088-944FFACB5F19&displaylang=en

Microsoft Works Suite 2004

• Microsoft Security Update for Word 2002 (KB934394)
  http://www.microsoft.com/downloads/details.aspx?familyid=F25020F5-17C7 -4A60-9088-944FFACB5F19&displaylang=en

Microsoft Office 2004 for Mac 0

• Microsoft Security Update Microsoft Office 2004 for Mac (KB936749)
  http://download.microsoft.com/download/0/E/A/0EA2DE70-FF24-41D7-8314-A 46457474192/Office2004-1135UpdateEN.dmg

Microsoft Word 2000 SP3

• Microsoft Security Update for Word 2000 (KB934392)
  http://www.microsoft.com/downloads/details.aspx?familyid=F25020F5-17C7 -4A60-9088-944FFACB5F19&displaylang=en

Microsoft Word 2002 SP3

• Microsoft Security Update for Word 2002 (KB934394)
  http://www.microsoft.com/downloads/details.aspx?familyid=F25020F5-17C7 -4A60-9088-944FFACB5F19&displaylang=en

Microsoft Works Suite 2006 0

• Microsoft Security Update for Word 2002 (KB934394)
  http://www.microsoft.com/downloads/details.aspx?familyid=F25020F5-17C7 -4A60-9088-944FFACB5F19&displaylang=en

Microsoft Word RTF Parsing Remote Code Execution Vulnerability

References:

• Microsoft Word Homepage (Microsoft )
  
• Vulnerability Note VU#555489 (US-CERT )
  
• iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corrup (iDefense)
  
• Avaya Security Advisory ASA-2007-185 (Avaya )
  
• Microsoft Security Bulletin MS07-024 (Microsoft )
  
• Microsoft Word RTF File Parsing Heap Corruption Vulnerability (iDefense Labs)