=====================================================================
                            CERT-Renater

                 Information Note No. 2013/VULN188
_____________________________________________________________________

DATE                : 15/05/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Microsoft Word version 2003.

======================================================================
KB2830399
https://technet.microsoft.com/en-us/security/bulletin/ms13-043
______________________________________________________________________

Microsoft Security Bulletin MS13-043 - Important

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

Published Date: May 14, 2013
Version: 1.0

General Information

Executive Summary

This security update resolves one privately reported vulnerability in
Microsoft Office. The vulnerability could allow code execution if a user
opens a specially crafted file or previews a specially crafted email
message in an affected version of Microsoft Office software. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the current user. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who
operate with administrative user rights.

This security update is rated Important for supported editions of
Microsoft Word 2003 and Microsoft Word Viewer. For more information, see
the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way
that Microsoft Word parses specially crafted Office files.

Affected Software

Microsoft Word 2003 Service Pack 3 (2810046)

Vulnerability Information

Word Shape Corruption Vulnerability - CVE-2013-1335

A remote code execution vulnerability exists in the way that Microsoft
Word parses content in Word files. An attacker who successfully exploited
this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================