Drew Hintz

**Name of the Vulnerable Software and Affected Versions** Microsoft Word versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT Word Viewer Office Compatibility Pack version SP3 Office for Mac version 2011 Word Automation Services on SharePoint Server versions 2010 SP1 and SP2 and 2013 Office Web Apps versions 2010 SP1 and SP2 Office Web Apps Server version 2013 **Description** A remote code execution issue exists due to the way Microsoft Word handles specially crafted files, allowing an attacker to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data. This issue has been exploited in the wild. An attacker who successfully exploits this issue could run arbitrary code as the current user, potentially taking complete control of the affected system if the current user has administrative rights. **Recommendations** For Microsoft Word versions 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT, update to a version that includes the fix for this issue. For Word Viewer, update to a version that includes the fix for this issue. For Office Compatibility Pack version SP3, update to a version that includes the fix for this issue. For Office for Mac version 2011, update to a version that includes the fix for this issue. For Word Automation Services on SharePoint Server versions 2010 SP1 and SP2 and 2013, update to a version that includes the fix for this issue. For Office Web Apps versions 2010 SP1 and SP2, update to a version that includes the fix for this issue. For Office Web Apps Server version 2013, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the handling of specially crafted RTF files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server 2010 SP1 Groove Server 2010 SP1 SharePoint Foundation 2010 SP1 Office Web Apps 2010 SP1 **Description** The issue is related to an elevation of privilege vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted string. This vulnerability enables cross-site scripting (XSS) attacks, which can be exploited by an attacker to run a script in the security context of the current user. **Recommendations** For Microsoft SharePoint Server 2010 SP1, consider disabling HTML sanitization functions until a patch is available. For Groove Server 2010 SP1, restrict access to HTML string sanitization to minimize the risk of exploitation. For SharePoint Foundation 2010 SP1, avoid using crafted strings that could lead to XSS attacks until the issue is resolved. For Office Web Apps 2010 SP1, as a temporary workaround, consider restricting the execution of scripts in the context of the current user.

**Name of the Vulnerable Software and Affected Versions** Microsoft InfoPath versions 2007 SP2 through 2007 SP3 Microsoft InfoPath version 2010 SP1 Microsoft Communicator version 2007 R2 Microsoft Lync versions 2010 and 2010 Attendee Microsoft SharePoint Server versions 2007 SP2 through 2007 SP3 Microsoft SharePoint Server version 2010 SP1 Microsoft Groove Server version 2010 SP1 Microsoft Windows SharePoint Services version 3.0 SP2 Microsoft SharePoint Foundation version 2010 SP1 Microsoft Office Web Apps version 2010 SP1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a crafted string. This is due to an elevation of privilege vulnerability in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user. **Recommendations** For Microsoft InfoPath versions 2007 SP2 through 2007 SP3, update to a newer version to mitigate the risk. For Microsoft InfoPath version 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Communicator version 2007 R2, update to a newer version to mitigate the risk. For Microsoft Lync versions 2010 and 2010 Attendee, update to a newer version to mitigate the risk. For Microsoft SharePoint Server versions 2007 SP2 through 2007 SP3, update to a newer version to mitigate the risk. For Microsoft SharePoint Server version 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Groove Server version 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Windows SharePoint Services version 3.0 SP2, update to a newer version to mitigate the risk. For Microsoft SharePoint Foundation version 2010 SP1, update to a newer version to mitigate the risk. For Microsoft Office Web Apps version 2010 SP1, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to insufficient bounds checking when processing specially crafted ICMPv6 Router Advertisement packets. This allows an anonymous attacker to execute arbitrary code via crafted packets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling IPv6 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** A remote code execution issue exists due to improper handling of local fragmentation of Encapsulating Security Payload (ESP) over UDP packets when a custom network driver is used. This allows remote attackers to execute arbitrary code via crafted packets. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that properly handles ESP over UDP packets to prevent exploitation. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that properly handles ESP over UDP packets to prevent exploitation. As a temporary workaround, consider disabling custom network drivers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 **Description** The issue arises from insufficient bounds checking in the TCP/IP implementation when processing specially crafted ICMPv6 Route Information packets, allowing remote attackers to execute arbitrary code. This could enable an attacker to take complete control of an affected system, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. **Recommendations** For Microsoft Windows Vista versions Gold, SP1, and SP2, update to a version that includes the fix for the ICMPv6 Route Information vulnerability. For Microsoft Windows Server 2008 versions Gold and SP2, update to a version that includes the fix for the ICMPv6 Route Information vulnerability. As a temporary workaround, consider disabling IPv6 on affected systems until a patch is available.