
Microsoft Security Bulletin MS08-072 - Critical

Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)


Version: 2.0

General Information

Executive Summary

This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Office Word Viewer, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated Important. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Microsoft Office Word and Microsoft Office Outlook handle specially crafted Word and Rich Text Format (RTF) files. For more information about each vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately.

Known Issues. Microsoft Knowledge Base Article 957173 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.

Affected and Non-Affected Software

The following software has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.

Affected Software

Office Suite and Other Software | Component | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by this Update

Microsoft Office Suites and Components
Microsoft Office 2000 Service Pack 3 | Microsoft Office Word 2000 Service Pack 3 (KB956328) | Remote Code Execution | Critical | MS08-026
Microsoft Office XP Service Pack 3 | Microsoft Office Word 2002 Service Pack 3 (KB956329) | Remote Code Execution | Important | MS08-042
Microsoft Office 2003 Service Pack 3 | Microsoft Office Word 2003 Service Pack 3 (KB956357) | Remote Code Execution | Important | MS08-042
2007 Microsoft Office System | Microsoft Office Word 2007 (KB956358) | Remote Code Execution | Important | MS08-026
2007 Microsoft Office System | Microsoft Office Outlook 2007 (KB956358) | Remote Code Execution | Critical | MS08-026
2007 Microsoft Office System Service Pack 1 | Microsoft Office Word 2007 Service Pack 1 (KB956358) | Remote Code Execution | Important | MS08-026
2007 Microsoft Office System Service Pack 1 | Microsoft Office Outlook 2007 Service Pack 1 (KB956358) | Remote Code Execution | Critical | MS08-026

Other Office Software
Microsoft Office Word Viewer 2003 Service Pack 3 (KB956366) | Not applicable | Remote Code Execution | Important | MS08-026
Microsoft Office Word Viewer (KB956366) | Not applicable | Remote Code Execution | Important | None
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (KB956828) | Not applicable | Remote Code Execution | Important | MS08-026
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (KB956828) | Not applicable | Remote Code Execution | Important | MS08-026
Microsoft Works 8* (KB959487) | Not applicable | Remote Code Execution | Important | MS08-052

Microsoft Office for Mac
Microsoft Office 2004 for Mac (KB960402) | Not applicable | Remote Code Execution | Important | MS08-057
Microsoft Office 2008 for Mac (KB960401) | Not applicable | Remote Code Execution | Important | MS08-057
Open XML File Format Converter for Mac (KB960403) | Not applicable | Remote Code Execution | Important | MS08-057

*In order to be offered this security update, customers running Microsoft Works 8.0 must first update to Works 8.5 as described in Microsoft Works Update. This includes all customers using Microsoft Works 8.0, Works Suite 2004, and Works Suite 2005. For customers running Works Suite 2006, Works 8.5 is already included.

Non-Affected Software

Office and Other Software | Component
Microsoft Office 2000 Service Pack 3 | Microsoft Office Outlook 2000 Service Pack 3
Microsoft Office XP Service Pack 3 | Microsoft Office Outlook 2002 Service Pack 3
Microsoft Office 2003 Service Pack 3 | Microsoft Office Outlook 2003 Service Pack 3
Microsoft Works 9.0 | Not applicable

Frequently Asked Questions (FAQ) Related to This Security Update

Vulnerability Information

Severity Ratings and Vulnerability Identifiers

Word Memory Corruption Vulnerability - CVE-2008-4024

Word RTF Object Parsing Vulnerability - CVE-2008-4025

Word Memory Corruption Vulnerability - CVE-2008-4026

Word RTF Object Parsing Vulnerability - CVE-2008-4027

Word RTF Object Parsing Vulnerability - CVE-2008-4030

Word RTF Object Parsing Vulnerability - CVE-2008-4028

Word RTF Object Parsing Vulnerability - CVE-2008-4031

Word Memory Corruption Vulnerability - CVE-2008-4837

Update Information

Detection and Deployment Tools and Guidance

Security Update Deployment

Other Information

Acknowledgments

Microsoft thanks the following for working with us to help protect customers:

  • Ricardo Narvaja of Core Security Technologies for reporting the Word Memory Corruption Vulnerability (CVE-2008-4024)
  • Dyon Balding of Secunia Research for reporting the Word RTF Object Parsing Vulnerability (CVE-2008-4025)
  • Yamata Li of Palo Alto Networks for reporting the Word Memory Corruption Vulnerability (CVE-2008-4026)
  • Wushi, working with TippingPoint and the Zero Day Initiative, for reporting the Word RTF Object Parsing Vulnerability (CVE-2008-4027)
  • Aaron Portnoy of TippingPoint DVLabs for reporting the Word RTF Object Parsing Vulnerability (CVE-2008-4030)
  • Wushi of team509, working with Zero Day Initiative, for reporting the Word RTF Object Parsing Vulnerability (CVE-2008-4028)
  • Aaron Portnoy of TippingPoint DVLabs for reporting the Word RTF Object Parsing Vulnerability (CVE-2008-4031)
  • Wushi and Ling, working with TippingPoint and the Zero Day Initiative, for reporting the Word Memory Corruption Vulnerability (CVE-2008-4837)

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Support

  • Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
  • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (December 9, 2008): Bulletin published.
  • V1.1 (December 17, 2008): Changed the Microsoft Baseline Security Analyzer deployment summary to "no" for Microsoft Office Word 2000 Service Pack 3 in the Detection and Deployment Tools and Guidance section. Also, revised the bulletins replaced by this update for Microsoft Office Outlook 2007 and Microsoft Office Outlook 2007 Service Pack 1 in the Affected Software table. There were no changes to the security update binaries.
  • V1.2 (January 7, 2009): Removed Microsoft Office Word Viewer 2003 from the Affected Software table. Also, added an entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, pertaining to Microsoft Office Word Viewer 2003 and Microsoft Office Word Viewer 2003 Service Pack 3. This is an informational change only. There were no changes to the security update binaries.
  • V2.0 (January 13, 2009): Added Microsoft Office Word Viewer to Affected Software table. Also, added an entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, explaining Microsoft Office Word Viewer. There were no changes to the security update binaries or detection. Customers with Microsoft Office Word Viewer who have successfully installed security update KB956366 do not need to reinstall.