Microsoft Office RTF pFragments Property Stack Buffer Overflow

Added: 11/16/2010
CVE: CVE-2010-3333
BID: 44652
OSVDB: 69085

Background

Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations.

Problem

A stack buffer overflow vulnerability exists when Microsoft Word parses RTF documents. The vulnerability is due to lack of input validation when handling the values set for the pFragments property.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-087.

References

http://secunia.com/advisories/38521/

Limitations

Exploit works on Microsoft Office Word 2002 SP3, Word 2003 SP3, and Word 2007 SP2.

The user must open the exploit file in Microsoft Word on the target system.

Platforms

Windows XP
Windows Vista

Back to exploit index