Vulnerability Note VU#332404
Microsoft Word fails to properly handle malformed strings
A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens a document containing a malformed Word Document stream. Although this vulnerability was initially reported to only cause a denial-of-service, it is now believed that it can be used to execute arbitrary code.
Note that this vulnerability is actively being exploited.
By convincing a user to open a specially crafted Word document, a remote, unauthenticated attacker could execute arbitrary code with the privileges of the user running Word. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system.
Apply an update
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 08 May 2007 |
This vulnerability was reported by McAfee Avert Labs.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2007-0870
- Date Public: 09 Feb 2007
- Date First Published: 15 Feb 2007
- Date Last Updated: 15 Jun 2007
- Severity Metric: 8.78
- Document Revision: 27