Multiple vulnerabilities have been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system.

1) An error when processing List File Override (LFO) entries can be exploited to corrupt memory via a specially crafted Word file.

2) An integer overflow error exists when calculating the space required for the specified number of points in a polyline or polygon. This can be exploited to cause a heap-based buffer overflow during parsing of objects in Rich Text Format (.rtf) files, e.g. when a user opens a specially crafted .rtf file with Word or previews a specially crafted e-mail.

3) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file.

4) An error exists when processing consecutive "\do" drawing object tags encountered in RTF documents. This can be exploited to free a heap buffer twice and corrupt memory.

5) An error when processing mismatched "\dpgroup" and "\dpendgroup" control words can be exploited to cause a buffer overflow via an RTF document containing an overly large number of "\dpendgroup" tags.

6) A boundary error when parsing RTF documents containing multiple drawing object tags can be exploited to cause a heap-based buffer overflow.

7) A boundary error when processing RTF documents can be exploited to overflow a static buffer via a document containing an overly large number of "\stylesheet" control words.

8) An error when processing a malformed table property can be exploited to cause a stack-based buffer overflow via a specially crafted Word document.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
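A triage check for the RTF structures named in items 4, 5 and 7, given here as an added example that is not part of the advisory or of any vendor tooling. The function name, the two sample documents and the MAX_STYLESHEET threshold are constructed assumptions, and reading "consecutive" as two "\do" control words with no other control word between them is this example's interpretation.

```python
import re

# A control word (name captured) or a control symbol such as \\ \{ \} \* (no name).
TOKEN = re.compile(rb"\\(?:([a-zA-Z]+)-?\d* ?|.)", re.DOTALL)

# Constructed threshold, an assumption for this example: a well-formed
# document is expected to carry a single \stylesheet group.
MAX_STYLESHEET = 1

# Constructed sample documents, small enough to read by eye.
CLEAN = rb"{\rtf1{\stylesheet{\s0 Normal;}}{\*\do\dobxpage\dpgroup\dpcount1\dpline\dpendgroup}}"
SUSPECT = rb"{\rtf1{\stylesheet}{\stylesheet}{\*\do\do\dpendgroup\dpendgroup}}"


def triage_rtf(data: bytes) -> list[str]:
    """Return sorted findings for the drawing-object and stylesheet patterns."""
    findings = set()
    open_groups = 0   # \dpgroup seen and not yet closed by \dpendgroup
    stylesheets = 0
    previous = None   # last control word seen (control symbols are skipped)
    for match in TOKEN.finditer(data):
        word = match.group(1)
        if word is None:  # escaped character, e.g. a literal backslash in text
            continue
        if word == b"do" and previous == b"do":
            findings.add("consecutive \\do tags")
        elif word == b"dpgroup":
            open_groups += 1
        elif word == b"dpendgroup":
            if open_groups == 0:
                findings.add("\\dpendgroup without matching \\dpgroup")
            else:
                open_groups -= 1
        elif word == b"stylesheet":
            stylesheets += 1
        previous = word
    if open_groups:
        findings.add("\\dpgroup never closed")
    if stylesheets > MAX_STYLESHEET:
        findings.add(f"{stylesheets} \\stylesheet control words")
    return sorted(findings)


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, triage_rtf(sample))
```

A finding is a reason to hold the file for inspection before it reaches Word or a mail preview pane, not proof of exploitation; the scan does not skip "\bin" payloads, so binary data can produce false hits.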