vendor:
Microsoft Office Word
by:
R-73eN
7.5
CVSS
HIGH
ASLR and DEP bypass
119
CWE
Product Name: Microsoft Office Word
Affected Version From: Microsoft Office Word 2007
Affected Version To: Microsoft Office Word 2007
Patch Exists: NO
Related CWE:
CPE: a:microsoft:office_word:2007
Platforms Tested: Windows 7 Starter
2015
Microsoft Office Word 2007 – RTF Object Confusion ASLR and DEP bypass
This exploit allows an attacker to bypass ASLR and DEP protections in Microsoft Office Word 2007. The exploit takes advantage of a confusion in the RTF object handling. The attacker can execute arbitrary code, such as a Windows message box, on the target machine.
Mitigation:
Apply the latest security patches and updates from Microsoft. Use caution when opening RTF files from untrusted sources.