Archived Bulletin: Do not open or download files from un-trusted sources
Posted by: Roberto Villarreal on 8/21/2008
* Do not open email attachments from un-trusted sources.
* Do not download or open files from un-trusted websites.

SUBJECT:
Vulnerability in Microsoft Word Could Allow Remote Code Execution

OVERVIEW:
A vulnerability has been discovered in Microsoft Word that may allow an
attacker to remotely execute arbitrary code in the context of the user.
The vulnerability can be exploited using a specially crafted Word
document that causes a memory handling error. Successful exploitation
will result in an attacker gaining the same privileges as the logged-on
user. If the user is logged in with administrator privileges, the
attacker could then install programs; view, change, or delete data; or
create new accounts with full privileges.

This vulnerability is reportedly being actively exploited on the
Internet.

SYSTEMS AFFECTED:

* Microsoft Word 2002 SP3
* Microsoft Word 2003 SP2
* Microsoft Word 2003 SP3

RISK:

Government:

* Large and medium government entities: High
* Small government entities: High

Businesses:

* Large and medium business entities: High
* Small business entities: High

Home users: High

DESCRIPTION:
A vulnerability has been identified in Microsoft Word which
could allow remote compromise. Exploitation is triggered by opening a
specially crafted Word document, which will cause a memory handling
error when parsing record values. An attacker who successfully
exploited this vulnerability could gain the same rights as the local
user and have the ability to execute arbitrary code.

Attacks exploiting this vulnerability could arrive via email or be
web-based. In the email-based scenario, the user would receive the
document as an attachment. In the web-based scenario, a user would
have to visit a website and then open the malicious document.

It should be noted that this vulnerability is reportedly
being actively exploited on the Internet. Targeted phishing attacks
which install rootkits have also been observed.

RECOMMENDATIONS:
We recommend the following actions be taken:

* Apply appropriate patches provided by Microsoft to
vulnerable systems immediately after appropriate testing.
* Run all software as a non-privileged user (one without
administrative privileges) to diminish the effects of a successful
attack.
* Do not open email attachments from un-trusted sources.
* Do not download or open files from un-trusted websites.
* Ensure that all anti-virus software is up to date with
the latest signatures.
* Use Microsoft Word 2003 Viewer to open and view
Microsoft Word files.

REFERENCES:

Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS08-042.mspx