exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

MS06-060.txt

MS06-060.txt
Posted Oct 17, 2006
Authored by McAfee Avert Labs Security Advisory | Site mcafee.com

MS06-060 Microsoft Word Memmove Code Execution: An integer bug (stack overflow) exists in the Microsoft Word file format. The file format allows a attacker to create a malicious Microsoft Word document that when opened, will execute arbitrary code.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 3cae2e3fac489cdba2ec8487874eb74263b0a1ac2d72ec8ac4cfa4bdcc7063da

MS06-060.txt

Change Mirror Download
____________________________________________________________________

McAfee, Inc.
McAfee Avert Labs Security Advisory
Vendor Notification Date: 2006-07-06
Public Release Date: 2006-10-10

Microsoft Word Memmove Code Execution

CVE-2006-3647
______________________________________________________________________

• Synopsis

An integer bug (stack overflow) exists in the Microsoft Word file format. The file
format allows a attacker to create a malicious Microsoft Word document that when
opened, will execute arbitrary code.

RISK FACTOR: CRITICAL
______________________________________________________________________

• Affected software

Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2004 for Mac
Microsoft Word v. X for Mac
______________________________________________________________________

• Vulnerability Information

The specific flaw exists during the processing of a malicious WordDocument file.
The overflow can be triggered during the parsing at offset 0xb4c in the WordDocument
stream. At this offset, there is a WORD size that is used as the third parameter
to a memmove call. If the size passed to memmove is > 0x8000, it will extend to
DWORD(0x8000 = 0xffff8001), and will copy 0xffff8001 bytes to the stack.

This is a code execution vulnerability that may be exploited to compromise users that
open a malformed Microsoft Word document.

______________________________________________________________________

• Resolution

Install the Microsoft-provided vendor patch.

______________________________________________________________________

• Credits

This vulnerability was discovered by Chen Xiao Bo of McAfee Avert Labs.

______________________________________________________________________

• Contact Information

For more information about the McAfee Avert Labs, visit our website at:
http://www.mcafee.com/us/threat_center/default.asp

______________________________________________________________________

• Legal Notice

The information contained within this advisory is Copyright (C) 2006 McAfee, Inc. It may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way.

McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

______________________________________________________________________


Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close