Oval Definition:oval:org.mitre.oval:def:11612
Revision Date:2014-06-30Version:20
Title:Word RTF Parsing Engine Memory Corruption Vulnerability
Description:Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-1901
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Compatibility Pack
Microsoft Office Word Viewer
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007
Definition Synopsis
  • Word 2002
  • Microsoft Word 2002 is installed
  • AND the version of Winword.exe is less than 10.0.6864.0
  • OR Word 2003
  • Microsoft Word 2003 is installed
  • AND the version of Winword.exe is less than 11.0.8326.0
  • OR Word 2007
  • Microsoft Word 2007 is installed
  • AND the version of Winword.exe is less than 12.0.6541.5000
  • OR Word Viewer
  • Microsoft Word Viewer is installed
  • AND the version of Wordview.exe is less than 11.0.8326.0
  • OR Office Compatibility Pack 2007
  • Microsoft Office Compatibility Pack is installed
  • AND the version of Wordcnv.dll is less than 12.0.6539.5000
    • BACK