|Check Point Reference:||CPAI-2005-263|
|Date Published:||21 Jun 2010|
|Last Updated:||26 Nov 2017|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Microsoft Word is a document authoring product released by the Microsoft Corporation. Its native file format is the Word Document. A Word Document has numerous properties which define the appearance of the document, text alignment, pictures and text font. The names of the fonts used in the document are also contained within the document itself. These font names are stored in the document in the Unicode format.There exists a buffer overflow vulnerability in the way Microsoft Word parses fonts. The vulnerability is caused due to the lack of boundary checking when processing fonts in a malformed Word document. A remote attacker can exploit this vulnerability to execute arbitrary code on the target system by enticing the victim to open a malformed document. Any code injected will be executed within the security context of the victim user account.In case of an attack where code injection and execution is successful, the behavior of the target is dependent on the intended purpose of the injected code.In case of an attack where code injection is not successful, the vulnerable application may terminate abnormally.|
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Content Protection Violation.
Attack Information: Microsoft Word Font Parsing Buffer Overflow