=====================================================================
                                     CERT-Renater

                          Information Note No. 2007/VULN042
_____________________________________________________________________

DATE                      : 14/02/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Word, Microsoft
                                           Works Suites.

======================================================================

MS07-014 - Vulnerabilities in Microsoft Word Could Allow Remote Code
            Execution (929434)

Affected Software:
    - Microsoft Office 2000 Service Pack 3
    - Microsoft Word 2000
    - Microsoft Office XP Service Pack 3
    - Microsoft Word 2002
    - Microsoft Office 2003 Service Pack 2
    - Microsoft Word 2003
    - Microsoft Word Viewer 2003
    - Microsoft Works Suites:
      - Microsoft Works Suite 2004
      - Microsoft Works Suite 2005
      - Microsoft Works Suite 2006
    - Microsoft Office 2004 for Mac

Non-Affected Software:
    - 2007 Microsoft Office System
    - Microsoft Office Word 2007

Full MS07-014 advisory:
    http://www.microsoft.com/technet/security/Bulletin/ms07-014.mspx

Vulnerability Details

Word Malformed String Vulnerability - CVE-2006-5994:

    A remote code execution vulnerability exists in the way Microsoft Word
    handles Word files with a specially crafted string. Such a specially
    crafted file might be included as an e-mail attachment or hosted on a
    malicious Web site. An attacker could exploit the vulnerability by
    constructing a specially crafted Word file that could allow remote
    code execution.

Word Malformed Data Structures Vulnerability - CVE-2006-6456:

    A remote code execution vulnerability exists in the way Microsoft Word
    handles Word files with a specially crafted data structure. Such a
    specially crafted file might be included as an e-mail attachment or
    hosted on a malicious Web site. An attacker could exploit the
    vulnerability by constructing a specially crafted Word file that could
    allow remote code execution. Viewing or previewing a malformed e-mail
    message in an affected version of Outlook could not lead to
    exploitation of this vulnerability.

Word Count Vulnerability - CVE-2006-6561:

    A remote code execution vulnerability exists in Microsoft Word. An
    attacker could exploit this vulnerability when Word parses a file and
    processes an unchecked count. Such a specially crafted file might be
    included as an e-mail attachment or hosted on a malicious Web site. An
    attacker could exploit the vulnerability by constructing a specially
    crafted Word file that could allow remote code execution. Viewing or
    previewing a malformed e-mail message in an affected version of
    Outlook could not lead to exploitation of this vulnerability.

Word Macro Vulnerability - CVE-2007-0208:

    A remote code execution vulnerability exists in Microsoft Word. If a
    user is logged on with administrative user rights, an attacker who
    successfully exploited this vulnerability could take complete control
    of an affected system. An attacker could then install programs; view,
    change, or delete data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user rights on the
    system could be less impacted than users who operate with
    administrative user rights.

Word Malformed Drawing Object Vulnerability - CVE-2007-0209:

    A remote code execution vulnerability exists in Microsoft Word. An
    attacker could exploit this vulnerability when Word parses a file and
    processes a malformed drawing object. Such a specially crafted file
    might be included as an e-mail attachment or hosted on a malicious Web
    site. An attacker could exploit the vulnerability by constructing a
    specially crafted Word file that could allow remote code execution.

Word Malformed Function Vulnerability - CVE-2007-0515:

    A remote code execution vulnerability exists in Microsoft Word. An
    attacker could exploit this vulnerability when Word parses a file and
    processes a malformed function. Such a specially crafted file might be
    included as an e-mail attachment or hosted on a malicious Web site.
    Viewing or previewing a malformed e-mail message in an affected
    version of Outlook could not lead to exploitation of this
    vulnerability. An attacker could exploit the vulnerability by
    constructing a specially crafted Word file that could allow remote
    code execution.

======================================================================

            =========================================================
            CERT-Renater reference servers
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================






