FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Word
Credit to Author: Tony Loi| Date: Tue, 21 Mar 2017 09:31:57 -0700
Over the last few months FortiGuard Labs discovered and reported multiple vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January (MS17-002) and March (MS17-014) security updates. These patches are rated as important, and as always, we suggest users update Microsoft Office as soon as possible.
Following are some details of these vulnerabilities:
CVE-2017-0003 (Affects MS Word 2016)
This is a memory corruption vulnerability that occurs due to a miscalculation of the size of the object in heap. Later, this miscalculated size is passed to other functions, which then write more content than expected, causing memory corruption. A remote attacker may use a crafted RTF file to exploit this vulnerability and run arbitrary code in the context of the current user.
Fortinet previously released IPS signature MS.Office.PTLS7.RTF.Handling.Memory.Corruption for this specific vulnerability to proactively protect our customers.
CVE-2017-0019 (Affects MS Word 2016)
This is a use-after-free vulnerability that occurs when Word tries to parse a malformed RTF file. With a specifically crafted RTF file, a remote attacker could exploit this vulnerability to run arbitrary code in the context of the current user.
Fortinet previously released IPS signature MS.Office.RTF.File.Handling.Memory.Corruption for this specific vulnerability to proactively protect our customers.
CVE-2017-0105 (Affect MS Word 2007 and 2010)
Microsoft Word suffered from an information leak vulnerability in which an out-of-bound read could occur when Word reads a specially crafted RTF file. An attacker could leverage this vulnerability in accordance with other vulnerabilities in order to achieve arbitrary code execution upon successful exploitation.
FortiGuard Labs previously released IPS signature MS.Office.Word.Uninitialize.Heap.RTF.Memory.Corruption for this specific vulnerability to proactively protect our customers.
-= FortiGuard Lion Team =-
Sign up for weekly Fortinet FortiGuard Labs Threat Intelligence Briefs and stay on top of the newest emerging threats.