Microsoft Office Word RTF Parsing Engine Memory Corruption

Added: 08/12/2010
CVE: CVE-2010-1901
BID: 42132
OSVDB: 66995

Background

Microsoft Office Word is Microsoft's word processing software, released as a component of the Microsoft Office suite.

Problem

Microsoft Office Word does not perform sufficient data validation when handling rich text data. When Word opens and parses a specially crafted RTF e-mail message or file, it may corrupt memory in such a way that an attacker could execute arbitrary code.

Resolution

Install the patch referenced in Microsoft Security Bulletin MS10-056.

References

http://www.microsoft.com/technet/security/bulletin/MS10-056.mspx

Limitations

Exploit works on Microsoft Office Word 2003 SP3.

This exploit requires the Compress-Zlib Perl module from CPAN.

This exploit is not 100% reliable since the exploit script relies on a heap memory address that is not always fixed.

Platforms

Windows
