iDefense Security Advisory 05.08.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the target user. This vulnerability specifically exists in the handling of property strings of certain control words in an RTF document. In certain circumstances, these property strings can be written into a memory region which has already been deallocated and heap corruption can occur. iDefense has confirmed that winword.exe file version 11.0.8106.0, as included with a fully patched Microsoft Word 2003 SP2, is vulnerable. Previous versions of Microsoft Word are also likely to be affected.
46ec72415e834b6a52d6a15c148a41952e7fb608dc242fbd831554d99fec6755
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed