Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Office vulnerabilities could allow remote code execution


Report ID: MS201309006
Date Published: 11 September 2013

Criticality: Important
Compromise Type: information-disclosure remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010




Summary

Multiple vulnerabilities reported in Microsoft Word could lead to information disclosure and remote code execution.



Detailed Description

Microsoft has released a security update to address thirteen reported vulnerabilities in Microsoft Word, one of which could lead to information disclosure while the other twelve could lead to remote code execution. The vulnerabilities were caused by improper handling of XML external entities and improper handling of objects in memory.

These vulnerabilities have been address in the latest update by making necessary correction in the way that Word uses XML parser and the way that Office parses files. Users are recommended to install the update onto their system as a protection measure against exploit attempts.



CVE Reference

CVE-2013-3160, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-072)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.