===================================================================== CERT-Renater Note d'Information No. 2013/VULN449 _____________________________________________________________________ DATE : 09/10/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Microsoft Word, Microsoft Office version 2003, 2007, Microsoft Office Compatibility Pack. ====================================================================== KB2885084 https://technet.microsoft.com/en-us/security/bulletin/ms13-086 ______________________________________________________________________ Microsoft Security Bulletin MS13-086 - Important Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) Published: Tuesday, October 08, 2013 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Important for supported editions of Microsoft Word 2003, Microsoft Word 2007, and Microsoft Office Compatibility Pack. Affected Software Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Compatibility Pack Service Pack 3 Vulnerability Information Memory Corruption Vulnerability - CVE-2013-3891 A remote code execution vulnerability exists in the way that affected Microsoft Word software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Memory Corruption Vulnerability - CVE-2013-3892 A remote code execution vulnerability exists in the way that affected Microsoft Word software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================