Zero Day Initiative Advisory 12-201 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a PAPX FKP sections. When parsing a PAPX FKP section, the application will store a calculation. However, when repairing a damaged document, the application will explicitly trust this calculation in a loop that is used to index into an array of objects. This will allow for an out-of-bounds access of an object which can lead to code execution under the context of the application.
948d1a1c70b696b59c4f7f6930d257160fb824f64a669a038c85e9e9a94eba26
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed