header-logo
Suggest Exploit
vendor:
Microsoft Word
by:
xCuter (BongGoo Kang - xcuter@returnaddr.org)
9
CVSS
CRITICAL
Unspecified Code Execution
Not specified
CWE
Product Name: Microsoft Word
Affected Version From: Microsoft(R) Word 2000 (9.0.2720)
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP2 FULL PATCHED (Korean Language)
2007

Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day)

When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. This exploit will execute the command - 'CMD.EXE'.

Mitigation:

Not Patched (zero-day)
Source

Exploit-DB raw data:

############ use at your own risk *******

+ Title: Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day)

+ code by xCuter (BongGoo Kang - xcuter@returnaddr.org)
           
+ Critical: High Critical
 
+ Impact: MS Word 2000 -> Could Allow Arbitrary Command Execution
          MS word 2003 -> Attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service
 
+ Where: From remote
 
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
 
+ Tested Software: Microsoft(R) Word 2000 (9.0.2720)
 
+ Solution: Not Patched (zero-day)
 
+ Description:
  When a user opens a specially crafted Word file using a malformed string,
  it may corrupt system memory in such a way that an attacker could execute arbitrary code
  This exploit will be execute command - 'CMD.EXE'
 
+ Reference : http://www.microsoft.com/technet/security/advisory/932114.mspx - Microsoft Security Advisory (932114)
 
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29524.doc (02032007-word2000exp.doc)
- http://www.returnaddr.org/exploit/word2000

############ use at your own risk *******

# milw0rm.com [2007-02-03]