|
|
|
|
| |
Credit:
The information has been provided by wushi.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=877
|
| |
Vulnerable Systems:
* Microsoft Word 2003
* Microsoft Word 2007
* Microsoft Outlook 2007
Remote exploitation of an memory corruption vulnerability in Microsoft's Office RTF Parsing Engine could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a RTF document containing certain control words, the RTF parsing engine may incorrectly read a value from the RTF file. This value may directly affect the control of execution flow within the RTF parsing engine.
Patch Availability:
Microsoft Corp. has released patches which address this issue.
Information about downloadable vendor updates can be found by clicking on the URLs shown:
http://www.microsoft.com/technet/security/bulletin/MS10-056.mspx
Workaround:
Microsoft suggested workarounds can be found in Microsoft Security Bulletin MS10-056.
CVE Information:
CVE-2010-1901
Disclosure Timeline:
08/11/2009 Initial Vendor Notification
08/11/2009 Initial Vendor Reply
08/10/2010 Coordinated Public Disclosure
|
|
|
|
|
