CERTA-2005-AVI-139
Vulnerability from certfr_avis
None
Description
Selon Microsoft, deux vulnérabilités de type débordement de mémoire sont présentes dans Microsoft Word.
En incitant un utilisateur à visualiser, au moyen d'un logiciel Microsoft Word vulnérable, des fichiers astucieusement constitués, un utilisateur mal intentionné peut réaliser l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Word 2002, Microsoft Works Suite 2002 ; | ||
| Microsoft | Office | Microsoft Office Word 2003 ; | ||
| Microsoft | N/A | Microsoft Works Suite 2001 ; | ||
| Microsoft | N/A | Microsoft Works Suite 2004. | ||
| Microsoft | N/A | Microsoft Word 2000 ; | ||
| Microsoft | N/A | Microsoft Works Suite 2003 ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Word 2002, Microsoft Works Suite 2002 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Word 2003 ;",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Works Suite 2001 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Works Suite 2004.",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2000 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Works Suite 2003 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nSelon Microsoft, deux vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire sont\npr\u00e9sentes dans Microsoft Word.\n\nEn incitant un utilisateur \u00e0 visualiser, au moyen d\u0027un logiciel\nMicrosoft Word vuln\u00e9rable, des fichiers astucieusement constitu\u00e9s, un\nutilisateur mal intentionn\u00e9 peut r\u00e9aliser l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs.\n",
"cves": [],
"initial_release_date": "2005-04-13T00:00:00",
"last_revision_date": "2005-04-13T00:00:00",
"links": [
{
"title": "Bulletin de securit\u00e9 de Microsoft MS05-023 du 12 avril 2005:",
"url": "http://www.microsoft.com/technet/security/bulletin/MS05-023.mspx"
}
],
"reference": "CERTA-2005-AVI-139",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s de Microsoft Word",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 MS05-023 de Microsoft",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…