Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Wed, 13 Feb 2008 16:34:55 +0100
Type : VULN
Sujet : CERT-Renater : 2008/VULN034 (Microsoft: Critical Vulnerability in Microsoft Word Could Allow Remote Code Execution)
====================================================================                                    CERT-Renater

                         Note d'Information No. 2008/VULN034
_____________________________________________________________________

DATE                      : 13/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Word.

======================================================================

MS08-009 - Critical - Vulnerability in Microsoft Word Could Allow Remote
Code Execution (947077)

    Published: February 12, 2008
    Version: 1.0

    This critical security update resolves one privately reported
    vulnerability in Microsoft Word that could allow remote code execution
    if a user opens a specially crafted Word file. An attacker who
    successfully exploited this vulnerability could take complete control
    of an affected system. An attacker could then install programs; view,
    change, or delete data; or create new accounts with full user rights.
    Users whose accounts are configured to have fewer user rights on the
    system could be less impacted than users who operate with administrative
    user rights.


Affected Software

    o Microsoft Office 2000 Service Pack 3 - Microsoft Word 2000 Service
      Pack 3

    o Microsoft Office XP Service Pack 3 - Microsoft Word 2002 Service
      Pack 3

    o Microsoft Office 2003 Service Pack 2 - Microsoft Word 2003 Service
      Pack 2

    o Microsoft Office Word Viewer 2003


Vulnerability Information

Word Memory Corruption Vulnerability - CVE-2008-0109

    A remote code execution vulnerability exists in the way that Word
    handles specially crafted Word files. The vulnerability could allow
    remote code execution if a user opens a specially crafted Word file
    that includes a malformed value. An attacker who successfully exploited
    this vulnerability could take complete control of an affected system.
    An attacker could then install programs; view, change, or delete data;
    or create new accounts with full user rights.

Workarounds for Word Memory Corruption Vulnerability - CVE-2008-0109

    o Use the Microsoft Office Isolated Conversion Environment (MOICE) when
      opening files from unknown or un-trusted sources

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================