=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN572
_____________________________________________________________________

DATE                      : 10/12/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Office Word.

======================================================================
KB957173
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-072 - Critical
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
(957173)

   Published: December 9, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves eight privately reported vulnerabilities in
   Microsoft Office Word and Microsoft Office Outlook that could allow remote
   code execution if a user opens a specially crafted Word or Rich Text Format
   (RTF) file. An attacker who successfully exploited these vulnerabilities
   could take complete control of an affected system. An attacker could then
   install programs; view, change, or delete data; or create new accounts with
   full user rights. Users whose accounts are configured to have fewer user
   rights on the system could be less impacted than users who operate with
   administrative user rights.

   This security update is rated Critical for supported editions of Microsoft
   Office Word 2000 and Microsoft Office Outlook 2007. For supported editions
   of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office
   Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer
   2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office
   2008 for Mac, and Open XML File Format Converter for Mac, this security
   update is rated Important. For more information, see the subsection,
   Affected and Non-Affected Software, in this section.

   The security update addresses the vulnerability by modifying the way that
   Microsoft Office Word and Microsoft Office Outlook handle specially crafted
   Word and Rich Text Format (RTF) files. For more information about the
   vulnerability, see the Frequently Asked Questions (FAQ) subsection for the
   specific vulnerability entry under the next section, Vulnerability
   Information.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

   Known Issues. Microsoft Knowledge Base Article 957173 documents the
   currently known issues that customers may experience when installing this
   security update. The article also documents recommended solutions for these
   issues.

Affected Software

   Microsoft Office 2000 Service Pack 3

   Microsoft Office Word 2000 Service Pack 3

   Microsoft Office XP Service Pack 3

   Microsoft Office Word 2002 Service Pack 3

   Microsoft Office 2003 Service Pack 3
	
   Microsoft Office Word 2003 Service Pack 3

   2007 Microsoft Office System
	
   Microsoft Office Word 2007
	
   Microsoft Office Outlook 2007

   2007 Microsoft Office System Service Pack 1

   Microsoft Office Word Viewer 2003

   Microsoft Office Word Viewer 2003 Service Pack 3

   Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
   File Formats

   Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
   File Formats Service Pack 1

   Microsoft Works 8*

   Microsoft Office for Mac 	 	 	

   Microsoft Office 2004 for Mac

   Microsoft Office 2008 for Mac

   Open XML File Format Converter for Mac

   * In order to be offered this security update, customers running Microsoft
   Works 8.0 must first update to Works 8.5 as described in Microsoft Works
   Update. This includes all customers using Microsoft Works 8.0, Works Suite
   2004, and Works Suite 2005. For customers running Works Suite 2006, Works
   8.5 is already included.

Vulnerability Information

Word RTF Object Parsing Vulnerability - CVE-2008-4025

   A remote code execution vulnerability exists in the way that Microsoft
   Office handles specially crafted Rich Text Format (RTF) files. The
   vulnerability could allow remote code execution if a user opens a
   specially crafted RTF file in Word or reads a specially crafted e-mail
   sent in the RTF format. An attacker who successfully exploited this
   vulnerability could take control of an affected system in the context of
   the currently logged-on user. An attacker could then install programs;
   view, change, or delete data; or create new accounts with full user rights.

Word Memory Corruption Vulnerability - CVE-2008-4026

   A remote code execution vulnerability exists in the way that Word handles
   specially crafted Word files. The vulnerability could allow remote code
   execution if a user opens a specially crafted Word file with a malformed
   value. Users whose accounts are configured to have fewer user rights on
   the system could be less impacted than users who operate with
   administrative user rights.

Word RTF Object Parsing Vulnerability - CVE-2008-4027

   A remote code execution vulnerability exists in the way that Microsoft
   Office handles specially crafted Rich Text Format (RTF) files. The
   vulnerability could allow remote code execution if a user opens a
   specially crafted RTF file with malformed control words in Word, or
   views or previews a specially crafted RTF file with malformed control
   words in rich text e-mail. An attacker who successfully exploited this
   vulnerability could take control of an affected system in the context of
   the currently logged-on user. An attacker could then install programs;
   view, change, or delete data; or create new accounts with full user rights.

Word RTF Object Parsing Vulnerability - CVE-2008-4030

   A remote code execution vulnerability exists in the way that Microsoft
   Office handles specially crafted Rich Text Format (RTF) files. The
   vulnerability could allow remote code execution if a user opens a
   specially crafted RTF file in Word or reads or previews a specially
   crafted e-mail sent in the RTF format. An attacker who successfully
   exploited this vulnerability could take control of an affected system in
   the context of the currently logged-in user. An attacker could then
   install programs; view, change, or delete data; or create new accounts
   with full user rights.

Word RTF Object Parsing Vulnerability - CVE-2008-4028

   A remote code execution vulnerability exists in the way that Microsoft
   Office handles specially crafted Rich Text Format (RTF) files. The
   vulnerability could allow remote code execution if a user opens a
   specially crafted RTF file in Word, or reads or previews a specially
   crafted e-mail sent in the RTF format. An attacker who successfully
   exploited this vulnerability could take control of an affected system
   in the context of the currently logged-in user. An attacker could then
   install programs; view, change, or delete data; or create new accounts
   with full user rights.

Word RTF Object Parsing Vulnerability - CVE-2008-4031

   A remote code execution vulnerability exists in the way that Microsoft
   Office handles specially crafted Rich Text Format (RTF) files. The
   vulnerability could allow remote code execution if a user opens a
   specially crafted RTF file in Word, or reads or previews a specially
   crafted e-mail sent in the RTF format. An attacker who successfully
   exploited this vulnerability could take control of an affected system in
   the context of the currently logged-on user. An attacker could then
   install programs; view, change, or delete data; or create new accounts
   with full user rights.

Word Memory Corruption Vulnerability - CVE-2008-4837

   A remote code execution vulnerability exists in the way that Microsoft
   Office Word handles specially crafted Word files. The vulnerability
   could allow remote code execution if a user opens a specially crafted
   Word file that includes a malformed record value. An attacker who
   successfully exploited this vulnerability could take control of an
   affected system in the context of the current logged-on user. An attacker
   could then install programs; view, change, or delete data; or create new
   accounts with full user rights.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================