From russ.cooper@CYBERTRUST.COM Tue Jun 14 13:59:49 2005 From: "Cooper, Russ" To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM Date: Tue, 14 Jun 2005 13:42:09 -0400 Reply-To: Windows NTBugtraq Mailing List Subject: MajorRev: v2.0 Microsoft Security Bulletin MS05-023 - Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) Microsoft Security Bulletin MS05-023: Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) Bulletin URL: Reason for Revision: Bulletin updated to reflect an additional affected product- Microsoft Word 2003 Viewer Version Number: 2.0 Issued Date: Tuesday, April 12, 2005 Revision Date: Tuesday, June 14, 2005 Impact of Vulnerability: Remote code execution Maximum Severity Rating: Critical Patch(es) Replaced: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list. Caveats: None Tested Software: Affected Software: ------------------ * Microsoft Word 2000 and Microsoft Works Suite 2001 * Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004 * Microsoft Office Word 2003 * Microsoft Word 2003 Viewer Technical Description: ---------------------- * Buffer Overrun in Microsoft Word CAN-2004-0963: A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. * Buffer Overrun in Microsoft Word CAN-2005-0558: A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. Revision History: ----------------- * v1.0 - 4/12/2005: Bulletin published * v1.1 - 4/14/2005: Bulletin updated to reflect a revised 'Security Update Information' section for the Word 2003 security update * v1.2 - 5/4/2005: Bulletin updated to add msiexec in the administrative installation in 'Administrative Deployment' section for all versions * v1.3 - 5/18/2005: Bulletin updated Word 2000 file version for Winword.exe * v2.0 - 6/14/2005: Bulletin updated to reflect an additional affected product- Microsoft Word 2003 Viewer This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1975.38886) Cheers, Russ Cooper - Senior Scientist - Cybertrust/NTBugtraq Editor -- NTBugtraq Editor's Note: Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered. --