Vulnerability Note VU#921300
Microsoft Word vulnerable to remote code execution
OverviewA remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file.
I. DescriptionMicrosoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file is opened by Word.
More information and a list of affected versions is available in Microsoft Security Bulletin MS06-060.
II. ImpactA remote attacker who can successfully convince the user to open the specially crafted mail merge file may be able to execute arbitrary code with the privileges of the local user.
III. SolutionApply an update
Microsoft has released updates in Mircosoft Security Bulletin MS06-060 to address this issue.
Workaround
Microsoft has supplied the following workaround for this vulnerability:
Do not open or save Microsoft Word files that you receive from untrusted sources or that you received unexpectedly from trusted sources.
Systems Affected
References
http://www.microsoft.com/technet/security/bulletin/ms06-060.mspx
Credit
Thanks to Microsoft Security for reporting this vulnerability in Microsoft Security Bulletin MS06-060.
This document was written by Katie Steiner.
Other Information
| Date Public: | 2006-10-10 |
| Date First Published: | 2006-10-12 |
| Date Last Updated: | 2006-10-12 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-3651 |
| NVD-ID(s): | CVE-2006-3651 |
| US-CERT Technical Alerts: | |
| Metric: | 2.52 |
| Document Revision: | 16 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
Get Adobe Reader