Microsoft Office vulnerabilities could allow remote code execution
Report ID: MS201309006
Date Published: 11 September 2013
Compromise Type: information-disclosure remote-code-execution
Compromise From: remote
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Multiple vulnerabilities reported in Microsoft Word could lead to information disclosure and remote code execution.
Microsoft has released a security update to address thirteen reported vulnerabilities in Microsoft Word, one of which could lead to information disclosure while the other twelve could lead to remote code execution. The vulnerabilities were caused by improper handling of XML external entities and improper handling of objects in memory.
These vulnerabilities have been address in the latest update by making necessary correction in the way that Word uses XML parser and the way that Office parses files. Users are recommended to install the update onto their system as a protection measure against exploit attempts.
CVE-2013-3160, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-072)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.