vendor:
Microsoft Word
by:
xCuter (BongGoo Kang - xcuter@returnaddr.org)
9
CVSS
CRITICAL
Unspecified Code Execution
Not specified
CWE
Product Name: Microsoft Word
Affected Version From: Microsoft(R) Word 2000 (9.0.2720)
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Platforms Tested: Windows XP SP2 FULL PATCHED (Korean Language)
2007
Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit (0-day)
When a user opens a specially crafted Word file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code. This exploit will execute the command - 'CMD.EXE'.
Mitigation:
Not Patched (zero-day)