Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
Published: December 5, 2006
Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.
Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Workarounds and Mitigations” and “Suggested Actions” section of the security advisory.
Advisory Status: Under Investigation.
Recommendation: Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.
|
CVE Reference |
CVE-2006-5994 |
This advisory discusses the following software.
|
Word 2000 |
|
Word 2002 |
|
Word 2003 |
|
Word Viewer 2003 |
|
Word 2004 for Mac |
|
Word 2004 v. X for Mac |
|
Works 2004, 2005, and 2006 |
What is the scope of the advisory?
Microsoft is aware of a new vulnerability report affecting Word, which is a component of Microsoft Office. This vulnerability affects the software that is listed in the “Overview” section.
Is this a security vulnerability that requires Microsoft to issue a security update?
Microsoft is developing a security update for Word that addresses this vulnerability.
What versions of Microsoft Office Word are associated with this advisory?
This advisory addresses Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 v. X for Mac, and Works 2004, 2005, and 2006.
Why is Microsoft Works Suite is listed in affected software?
Microsoft Works Suite is listed in related software because it includes Microsoft Word.
What causes the vulnerability?
When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
How could an attacker exploit the vulnerability?
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by persuading the user to open the file.
| • |
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. |
| • |
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. |
| • |
The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message. |
| • |
Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document. |
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
| • |
Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file. |
| • |
Protect Your PC We continue to encourage customers follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing ant-virus software. Customers can learn more about these steps by visiting Protect Your PC Web site. |
| • |
For more information about staying safe on the Internet, customers can visit the Microsoft Security Home Page. |
| • |
Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.
All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about security updates, visit the Microsoft Security Web site. |
| • |
We recommend that customers exercise extreme caution when they accept file transfers from both known and unknown sources. For more information about how to help protect your computer while you use MSN Messenger, visit the MSN Messenger Frequently Asked Questions Web site. Keep Windows Updated |
| • |
All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit the Windows Update Web site, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. |
Resources:
Disclaimer:
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions:
| • |
V1.0 (December 5, 2006): Advisory published. |
| • |
V1.1 (December 5, 2006): Advisory updated to provide additional clarity around the investigation. |
1 posted on
12/06/2006 7:14:47 AM PST by
sionnsar
To: LibreOuMort
Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. Sigh. Might as well go on vacation...
2 posted on
12/06/2006 7:16:16 AM PST by
sionnsar
(?trad-anglican.faithweb.com?|Iran Azadi| 5yst3m 0wn3d - it's N0t Y0ur5 (SONY) | UN: Useless Nations)
To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
5 posted on
12/06/2006 7:22:36 AM PST by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: sionnsar
OpenOffice.org time.
Regards, Ivan
7 posted on
12/06/2006 7:24:27 AM PST by
MadIvan
(I aim to misbehave.)
To: sionnsar
Microsoft ... where quailty is job 1.4
8 posted on
12/06/2006 7:27:04 AM PST by
tx_eggman
(Democrat Campaign Slogan - 2006: "Bring Out The Gimp!")
To: sionnsar
Microsoft suggests that users 'not open or save Word files,' even from trusted sources."Quite a plan you've got there, Ballmer.
To: Swordmaker
To: sionnsar
How nice. The only MS code on any of my machines is the older version of Office for Mac that isn't affected by this alert.
Make one wonder what rot the ported from the Windows version into the 2004 Mac version to make it vulnerable.
17 posted on
12/06/2006 8:19:57 AM PST by
The_Reader_David
(And when they behead your own people in the wars which are to come, then you will know. . .)
To: Swordmaker
Don't open any Word documents today.... even on a Mac.
Ping.
19 posted on
12/06/2006 9:00:55 AM PST by
TheBattman
(I've got TWO QUESTIONS for you....)
To: sionnsar
"Microsoft has tested the following workarounds. Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.
Protect Your PC - (Could this mean avoiding their products all together?)
We continue to encourage customers follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing ant-virus software. Customers can learn more about these steps by visiting Protect Your PC Web site.
This being their "workaround" is just funny to me. LOL what a joke!!
21 posted on
12/06/2006 9:06:28 AM PST by
KoRn
To: sionnsar
Microsoft suggests that users 'not open or save Word files,' even from trusted sources."Best advise I've seen from Microsoft in ages.
38 posted on
12/06/2006 6:44:23 PM PST by
zeugma
(I reject your reality and substitute my own in its place. (http://www.zprc.org/))
To: sionnsar
Recommendation: Do not open or save Word files that you receive from un-trusted or that are received unexpected from trusted sources. This vulnerability could be exploited when a user opens a file.There. Fixed it.
To: prayin4_swcb
50 posted on
12/06/2006 11:00:16 PM PST by
Swordmaker
(Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
To: sionnsar
Office 2007 with a new proprietary XML document format launches. Within mere weeks a new exploit pops up that makes using the older version of office a bit more risky...
Yeah... my tinfoil may be on a bit tight, but that is just too much of a coinkydink...
53 posted on
12/07/2006 6:52:07 AM PST by
Dead Corpse
(Anyone who needs to be persuaded to be free, doesn't deserve to be.)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson
