Test ID:	1.3.6.1.4.1.25623.1.0.900006
Category:	Windows
Title:	Microsoft Word Could Allow RCE Vulnerability
Summary:	Microsoft Office (with MS Word) is prone to a remote code execution (RCE) vulnerability.
Description:	Summary: Microsoft Office (with MS Word) is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: Flaw is due to an error within the handling of malformed/crafted MS Word documents. Vulnerability Impact: Remote attacker could exploit by persuading victim to open a crafted documents to corrupt memory and cause the application to crash, and also allow to execute arbitrary code with the system privileges of the victim. Affected Software/OS: - Microsoft Word 2002 (XP) with SP3 - Microsoft Word 2003 with SP3 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2244 BugTraq ID: 30124 http://www.securityfocus.com/bid/30124 Cert/CC Advisory: TA08-225A http://www.us-cert.gov/cas/techalerts/TA08-225A.html HPdes Security Advisory: HPSBST02360 http://marc.info/?l=bugtraq&m=121915960406986&w=2 HPdes Security Advisory: SSRT080117 http://isc.sans.org/diary.html?storyid=4696 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5897 http://www.securitytracker.com/id?1020447 http://secunia.com/advisories/30975 http://www.vupen.com/english/advisories/2008/2028 XForce ISS Database: microsoft-word-unspecified-code-execution(43663) https://exchange.xforce.ibmcloud.com/vulnerabilities/43663
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.