Microsoft Security Bulletin MS05-023:
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution
(890169)
Bulletin URL:
<http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx>
Reason for Revision: Bulletin updated to reflect an additional affected
product- Microsoft Word 2003 Viewer Version Number: 2.0 Issued Date:
Tuesday, April 12, 2005 Revision Date: Tuesday, June 14, 2005 Impact of
Vulnerability: Remote code execution Maximum Severity Rating: Critical
Patch(es) Replaced: This bulletin replaces a prior security update. See
the frequently asked questions (FAQ) section of this bulletin for the
complete list.
Caveats: None
Tested Software:
Affected Software:
------------------
* Microsoft Word 2000 and Microsoft Works Suite 2001
<http://tinyurl.com/3q38n>
* Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite
2003, and Microsoft Works Suite 2004 <http://tinyurl.com/5zfxp>
* Microsoft Office Word 2003
<http://tinyurl.com/4m94o>
* Microsoft Word 2003 Viewer
<http://tinyurl.com/a9eob>
Technical Description:
----------------------
* Buffer Overrun in Microsoft Word CAN-2004-0963: A vulnerability exists
in Microsoft Word that could allow an attacker to run arbitrary code on
a users system. If a user is logged on with administrative privileges,
an attacker who successfully exploited this vulnerability could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts with full
privileges. Users whose accounts are configured to have fewer privileges
on the system would be at less risk than users who operate with
administrative privileges.
* Buffer Overrun in Microsoft Word CAN-2005-0558: A vulnerability exists
in Microsoft Word that could allow an attacker to run arbitrary code on
a users system. If a user is logged on with administrative privileges,
an attacker who successfully exploited this vulnerability could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts with full
privileges. Users whose accounts are configured to have fewer privileges
on the system would be at less risk than users who operate with
administrative privileges.
Revision History:
-----------------
* v1.0 - 4/12/2005: Bulletin published
* v1.1 - 4/14/2005: Bulletin updated to reflect a revised 'Security
Update Information' section for the Word 2003 security update
* v1.2 - 5/4/2005: Bulletin updated to add msiexec in the administrative
installation in 'Administrative Deployment' section for all versions
* v1.3 - 5/18/2005: Bulletin updated Word 2000 file version for
Winword.exe
* v2.0 - 6/14/2005: Bulletin updated to reflect an additional affected
product- Microsoft Word 2003 Viewer
This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.01.1975.38886)
Cheers,
Russ Cooper - Senior Scientist - Cybertrust/NTBugtraq Editor
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an
Anti-Virus product which automatically notifies the perceived sender of a
message it believes is infected may well cause more harm than good. Someone who
did not actually send you a virus may receive the notification and scramble
their support staff to find an infection which never existed in the first
place. Suggest such notifications be disabled by whomever is responsible for
your AV, or at least that the idea is considered.
--
