Oval Definition:oval:org.mitre.oval:def:18774
Revision Date:2014-06-30Version:18
Title:Word Memory Corruption Vulnerability (CVE-2013-3849) - MS13-072
Description:Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-3849
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Compatibility Pack
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Definition Synopsis
  • word 2003/versions
  • Check if the version of winword.exe is less than 11.0.8406
  • AND Microsoft Word 2003 SP3 is installed
  • OR word 2007/versions
  • Check if the version of winword.exe is less than 12.0.6683.5001
  • AND Microsoft Word 2007 SP3 is installed
  • OR word 2010/versions
  • Microsoft Word 2010 SP1 is installed
  • AND Check if the version of winword.exe is less than 14.0.7106.5001
  • OR word viewer/versions
  • Microsoft Word Viewer 2003 SP3 is installed
  • AND Check if the version of wordview is less than 11.0.8406
  • OR office compatibility pack/version
  • Check if the version of wordcnv.dll is less than 12.0.6683.5001
  • AND Microsoft Office Compatibility Pack SP3 is installed
  • BACK