1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Word SmartTag Remote Code Exec

HTTP MS Word SmartTag Remote Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a remote code-execution vulnerability in the Microsoft Word.

Additional Information

Microsoft Word is prone to an unspecified remote code-execution vulnerability. This issue is caused by Word files containing a malformed object pointer that may result in memory corruption.

Reports indicate that this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious Word document to a user. If the user opens the attacker-supplied document, the attacker may subsequently gain unauthorized access to the computer in the context of the user.

This issue is being actively exploited in the wild to place a backdoor named Backdoor.Ginwui on targeted computers through a trojan named Trojan.Mdropper.H.

Affected

  • Microsoft Excel 2004 for Mac
  • Microsoft Office X for Mac
  • Microsoft Word 2000 SP2, SP3, SR1, SR1a
  • Microsoft Word 2002 SP1, SP2, SP3
  • Microsoft Word 2003
  • Microsoft Word 2003 Viewer
  • Microsoft Word X for Mac
  • Microsoft Works Suite 2000
  • Microsoft Works Suite 2001
  • Microsoft Works Suite 2002
  • Microsoft Works Suite 2003
  • Microsoft Works Suite 2004
  • Microsoft Works Suite 2005
  • Microsoft Works Suite 2006
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube