IPS Research Team Helps Protect Customers from Microsoft Office Word MS10-056 Vulnerabilities
(MS10-056)
Vulnerabilities
Several remote code execution vulnerabilities have been reported in Microsoft Office Word, one of which was discovered by a Check Point IPS Research Team member. A remote attacker can exploit the vulnerabilities to take complete control of an affected system.
Details
The August Microsoft security update includes four patches for vulnerabilities that have been discovered in Microsoft Office Word. Each vulnerability can allow attackers to use specially crafted Word and RTF files to compromise your system and install any application of their choice on it. Here are the details and links to the protections available from Check Point.
| Vulnerability | Affected Product | Industry Reference | Protection |
|---|---|---|---|
| Word RTF data parsing buffer overflow | Office Word 2002 SP3 Office Word 2003 SP3 Office Word 2007 SP2 Office 2004 for Mac Office 2008 for Mac Open XML File Format Converter for Mac Office Word Viewer Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 |
CVE-2010-1902 CVE-2010-1901 | CPAI-2010-237 CPAI-2010-236 |
| Word HTML linked objects memory corruption | Office Word 2002 SP3 Office Word 2003 SP3 Office Word 2007 SP2 Office Word Viewer |
CVE-2010-1903 | CPAI-2010-226 |
| Word sprmCMajority record parsing remote code execution | Office XP SP3 Office 2003 SP3 Office 2007 SP2 |
CVE-2010-1900 | CPAI-2010-243 |
Solution
Check Point recommends applying the latest vendor patches and getting immediate protection by applying the latest IPS update. The IPS Software Blade and NGX SmartDefense detect and block malformed Word and RTF files.
Acknowledgements
The Check Point IPS Research team conducts original research on network, protocol and application vulnerabilities. The team also actively monitors and where appropriate communicates with white, black and grayhat communities to identify vulnerabilities and potential exploits before they are introduced into the wild. This research is used to develop and disseminate defenses through relevant Update Services components.
Acknowledgements go to Rodrigo Rubira Branco from the Check Point IPS Research Team for discovering and reporting the Word HTML Linked Objects Memory Corruption (CVE-2010-1903) vulnerability.
Published August 10, 2010
Updated August 16, 2010