Vulnerability in Microsoft Word Could Allow Remote Code Execution

Notification Date: Dec 07, 2006
Notification Version: 1.1

Vulnerability in Microsoft Word Could Allow Remote Code Execution

Public disclosure/
In the wild date:
Dec 05, 2006 (for vuln and active exploitation)



An unspecified memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability by persuading a victim to open a specially-crafted Word document, either by hosting the document on a Web site or sending it as an email attachment.

This vulnerability has been actively exploited by malcode as early as Dec 5, 2006.  ISS has had pre-emptive protection against this threat through the Virus Prevention System since Sept 2005.


ISS Coverage

Product Content Version
Network Sensor 7.0
Proventia A
Proventia IPS (G/GX) prior to Firmware Version 1.2
Server Sensor 7.0
Proventia IPS (G/GX) Firmware Version 1.2 or
Proventia Multifunction Appliance
Proventia Server (Linux)



Proventia Multifunction Appliance

1.x (VPS)

Proventia Server (Windows) 1.0.914.1930
Proventia Desktop 8.0.x (VPS)8.0.x.1930 (IPS)
RealSecure Desktop 7.0 (AM SP 6.76 or 7.76) EPY
BlackICE PC Protection 3.6 CPY
Enterprise Scanner tbd
Internet Scanner tbd
Proventia Web Dec 6 2006 update
Propagation Techniques ISS Protection Available

web downloads
(other vectors like email, etc. are also possible)

Remote exploit

VB_2 and SystemHijack3

Malicious Websites Category (Content Filtering)



Sept 29, 2005

Dec 06, 2006

Dec 12, 2006

Detailed Description

Business Impact:  
CVSS: Base Score:  8.0
  Access Vector:  Remote
Access Complexity:  High
Authentication:  Not Required
Confidentiality Impact:  Complete
Integrity Impact:  Complete
Availability Impact:  Complete
Impact Bias:  Normal
Adjusted Temporal Score:  7.6
  Exploitability:  Functional
Remediation Level:  Unavailable
Report Confidence:  Confirmed
Affected Products:

Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003
Microsoft Word 2004 for Mac
Microsoft Word 2004 v. X for Mac
Microsoft Works 2004, 2005, and 2006

See XFDB reference for details.



Revision History

Dec 07, 2006: Initial alert
Dec 12, 2006 Added IPS coverage.

* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

About IBM Security Systems

IBM Security Systems include an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks: people and identity, data and information, application and process, network, server and endpoint and physical infrastructure, empowering clients to innovate and operate their businesses on the most secure infrastructure platforms. Through world-class solutions that address risk across the enterprise, IBM helps organizations build a strong security posture that helps reduce costs, improve service, and manage risk. IBM X-Force(R) Research and Development is one of the most renowned commercial security research and development groups in the world. For more information on how to address today's biggest risks, please visit us at