Credit:
The information has been provided by wushi.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=876
Vulnerable Systems:
* Microsoft Word 2003
* Microsoft Word 2007
* Microsoft Outlook 2007
Remote exploitation of a heap buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of some drawing object control words in an RTF document. Under certain circumstances, Word will copy a property value into a heap buffer without checking the length, which causes a heap buffer overflow.
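The missing length check described above, shown as an added example (not Microsoft's code and not part of the original advisory): a bounded copy of a brace-delimited RTF property value into a fixed-size buffer. The function name, error codes and buffer sizes are hypothetical, and the advisory does not name the affected control words, so none are assumed here.

```c
#include <stddef.h>
#include <stdio.h>

enum { PROP_OK = 0, PROP_UNTERMINATED = -1, PROP_TOO_LONG = -2 };

/* Copy the text of an RTF group, up to its unescaped closing '}', into dst.
 * src/avail: remaining input bytes; dst/cap: destination buffer and its size.
 * Hypothetical helper written for this example. */
int copy_prop_value(const char *src, size_t avail,
                    char *dst, size_t cap, size_t *out_len)
{
    size_t i = 0, o = 0;

    if (cap == 0)
        return PROP_TOO_LONG;
    while (i < avail) {
        char c = src[i];

        if (c == '}') {                 /* end of the value */
            dst[o] = '\0';
            *out_len = o;
            return PROP_OK;
        }
        /* The RTF escapes \{ \} \\ each stand for one literal byte. */
        if (c == '\\' && i + 1 < avail &&
            (src[i + 1] == '{' || src[i + 1] == '}' || src[i + 1] == '\\'))
            c = src[++i];
        /* The check the advisory says was missing: never write past the
         * buffer, and keep one byte free for the terminator. */
        if (o + 1 >= cap) {
            dst[0] = '\0';
            return PROP_TOO_LONG;
        }
        dst[o++] = c;
        i++;
    }
    dst[0] = '\0';
    return PROP_UNTERMINATED;           /* input ended before '}' */
}

int main(void)
{
    /* Constructed input: a 300-byte value offered to a 16-byte buffer. */
    char in[301], out[16];
    size_t n = 0;
    for (size_t k = 0; k < 300; k++) in[k] = 'A';
    in[300] = '}';
    printf("%d\n", copy_prop_value(in, sizeof in, out, sizeof out, &n));
    return 0;
}
```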
Patch Availability:
Microsoft Corp. has released patches which address this issue.
Information about downloadable vendor updates can be found by clicking on the URLs shown:
http://www.microsoft.com/technet/security/bulletin/MS10-056.mspx
Workaround:
Microsoft-suggested workarounds can be found in Microsoft Security Bulletin MS10-056.
CVE Information:
CVE-2010-1902
Disclosure Timeline:
08/12/2009 Initial Vendor Notification
08/12/2009 Initial Vendor Reply
08/10/2010 Coordinated Public Disclosure