Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the way Microsoft Word handles data within an array. A specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. A remote code execution vulnerability exists in the way Microsoft Word handles a specially crafted Word Document stream. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. A remote code execution vulnerability exists in the way Microsoft Word parses certain rich text properties within a file. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
Detailed Information on the risk:
The bulletin covers 3 remote code execution vulnerabilities in Microsoft Word. Two of the vulnerabilities relate to malformed Word documents, and one to malformed RTF documents. One of the word issues is being exploited in the wild. Word documents could be delivered to users via email or over the web. Malformed word documents are an increasingly popular vector for malware distributors.Further information on this exploit is available at : MS07-024