Windows : Microsoft Bulletins : Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.902228

Category: Windows : Microsoft Bulletins

Title: Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)

Summary: This host is missing a critical security update according to; Microsoft Bulletin MS10-056.

Description: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-056.

Vulnerability Insight:
The issues are caused by buffer overflow and memory corruption errors when
processing malformed data and records within Word and 'RTF' documents, which
could be exploited by attackers to crash an affected application or execute
arbitrary code.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted Excel document.

Affected Software/OS:
- Microsoft Office Word Viewer

- Microsoft Office Word 2002 Service Pack 3

- Microsoft Office Word 2003 Service Pack 3

- Microsoft Office Word 2007 Service Pack 2

- Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1900
Cert/CC Advisory: TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Microsoft Security Bulletin: MS10-056
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490
Common Vulnerability Exposure (CVE) ID: CVE-2010-1901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612
Common Vulnerability Exposure (CVE) ID: CVE-2010-1902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472
Common Vulnerability Exposure (CVE) ID: CVE-2010-1903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12039

Copyright Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.902228
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS10-056.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-056. Vulnerability Insight: The issues are caused by buffer overflow and memory corruption errors when processing malformed data and records within Word and 'RTF' documents, which could be exploited by attackers to crash an affected application or execute arbitrary code. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document. Affected Software/OS: - Microsoft Office Word Viewer - Microsoft Office Word 2002 Service Pack 3 - Microsoft Office Word 2003 Service Pack 3 - Microsoft Office Word 2007 Service Pack 2 - Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1900 Cert/CC Advisory: TA10-222A http://www.us-cert.gov/cas/techalerts/TA10-222A.html Microsoft Security Bulletin: MS10-056 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490 Common Vulnerability Exposure (CVE) ID: CVE-2010-1901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612 Common Vulnerability Exposure (CVE) ID: CVE-2010-1902 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472 Common Vulnerability Exposure (CVE) ID: CVE-2010-1903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12039
Copyright	Copyright (C) 2010 Greenbone AG