===================================================================== CERT-Renater Note d'Information No. 2006/VULN515 _____________________________________________________________________ DATE : 11/10/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Microsoft Word. ====================================================================== http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx MS06-060 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) Affected Software: - Microsoft Office 2000 Service Pack 3 - Microsoft Word 2000 - Microsoft Office XP Service Pack 3 - Microsoft Word 2002 - Microsoft Office 2003 Service Pack 1 or Service Pack 2 - Microsoft Office Word 2003 - Microsoft Office Word 2003 Viewer - Microsoft Works Suites: - Microsoft Works Suite 2004 - Microsoft Works Suite 2005 - Microsoft Works Suite 2006 - Microsoft Office 2004 for Mac - Microsoft Office v. X for Mac - From Microsoft Security Bulletin MS06-060: Microsoft Word Vulnerability – CVE-2006-3647: A remote code execution vulnerability exists in Word. An attacker could exploit this vulnerability when Word parsed a file that contains a malformed string. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious web site. Viewing or previewing a malformed e-mail message in Outlook could not lead to exploitation of this vulnerability. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. Microsoft Word Mail Merge Vulnerability - CVE-2006-3651: A remote code execution vulnerability exists in Microsoft Word, and could be exploited when Word opens a specially crafted mail merge file. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious web site. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. Microsoft Word Malformed Stack Vulnerability - CVE-2006-4534: A remote code execution vulnerability exists in Microsoft Word, and could be exploited when Word opens a specially crafted file. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious web site. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. Microsoft Word for Mac Vulnerability - CVE-2006-4693: A remote code execution vulnerability exists in Word for Mac. An attacker could exploit this vulnerability when Word for Mac parses a specially crafted file that contains a malformed string. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious web site. Viewing or previewing a malformed e-mail message in Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================