|
Family: Windows : Microsoft Bulletins --> Category: infos
Word and/or Excel may allow arbitrary code to run Vulnerability Scan
Vulnerability Scan Summary Acertains the version of WinWord.exe
Detailed Explanation for this Vulnerability Test
Synopsis :
Arbitrary code can be executed on the remote host through Office.
Description :
The remote host is running a version of Microsoft Word and/or Microsoft Excel
which are subject to a flaw which may allow arbitrary code to be run.
A possible hacker may use this to execute arbitrary code on this host.
To succeed, the attacker would have to send a rogue word or excel
file to the owner of this computer and have it open it. Then the
macros contained in the word file would bypass the security model
of word, and would be executed.
Solution :
Microsoft has released a set of patches for Office 97, 2000 and 2002 :
http://www.microsoft.com/technet/security/bulletin/ms03-050.mspx
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|