[Microsoft Alert] Microsoft Security Bulletin MS06-027

Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

Issued: June 13, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Recommendation: Customers should apply the update immediately

 

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

 

Vulnerability Details:

A remote code execution vulnerability exists in Word using a malformed object pointer. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.

 

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

 

 

Affected Software:

Microsoft Office 2000 Service Pack 3

 

Microsoft Office XP Service Pack 3

 

Microsoft Office 2003 Service Pack 1 or Service Pack 2

 

Microsoft Works Suites:

 

Microsoft Works <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />Suite 2000

 

Microsoft Works Suite 2001

 

Microsoft Works Suite 2002

 

Microsoft Works Suite 2003

 

Microsoft Works Suite 2004

 

Microsoft Works Suite 2005

 

Microsoft Works Suite 2006

 

 

Non-Affected Software:

Microsoft Word v. X for Mac

 

Microsoft Word 2004 for Mac

---