MS.Word.Remote.Code.Execution

Release Date	Feb 13, 2008
Severity	Critical
Impact	System Compromise: Remote attackers can gain control of vulnerable systems. Denial of Service: Remote attackers can crash vulnerable systems.
Description	This indicates an attack attempt against a remote code execution vulnerability in Microsoft Word. The vulnerability is caused by an error when the vulnerable software handles a specially crafted DOC file. It allows a remote attacker to execute arbitrary code.
Affected Products	Microsoft Word 2000 Service Pack 3 Microsoft Word 2002 Service Pack 3 Microsoft Word 2003 Service Pack 2
Recommended Actions	Apply patch, available from the web site: http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx
Common Vulnerabilities and Exposures (CVE)	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0109
Microsoft Bulletin ID	MS08-009 http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx
Reference/s	http://www.securityfocus.com/bid/27656 (BugTraq) http://www.vupen.com/english/advisories/2008/0511 (FrSIRT)

Reference: VID-15404