Microsoft Word Access Violation Code Execution (MS11-089; CVE-2011-1983)
| Check Point Reference: | CPAI-2011-566 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS11-089 | |
| Industry Reference(s): | CVE-2011-1983 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Word 2007 Service Pack 2 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 and Microsoft Word 2010 Service Pack 1 (32-bit editions) Microsoft Word 2010 and Microsoft Word 2010 Service Pack 1 (64-bit editions) Microsoft Office for Mac 2011 | ||
| Vulnerability Description A remote code execution vulnerability has been reported in Microsoft Word. |
||
|
Update/Patch Available Apply patches from: MS11-089 |
|
|
Vulnerability Details The vulnerability is due to an error in the way Microsoft Word handles objects in memory. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted Word file with an affected version of Microsoft Word. Successful exploitation could allow an attacker to take complete control over an affected system. |
Protection Overview
This protection will detect and block the transferring of malicious Word files.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.