PT-2010-4652 · Microsoft · Word Web App+6

Nicolas Joly · Published 2010-10-13 · Updated 2018-10-12 · CVE-2010-3214

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Word versions 2002 SP3, 2003 SP3, 2007 SP2, and 2010
Office 2004 and 2008 for Mac
Open XML File Format Converter for Mac
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2
Word Viewer
Office Web Apps
Word Web App

Description

A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted Word document. This issue exists in the way Microsoft Word handles stack validation when parsing a specially crafted Word file. An attacker who successfully exploits this issue could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations

For Microsoft Word 2002 SP3, update to a newer version to mitigate the risk.
For Microsoft Word 2003 SP3, update to a newer version to mitigate the risk.
For Microsoft Word 2007 SP2, update to a newer version to mitigate the risk.
For Microsoft Word 2010, update to a newer version to mitigate the risk.
For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk.
For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk.
For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk.
For Word Viewer, update to a newer version to mitigate the risk.
For Office Web Apps, update to a newer version to mitigate the risk.
For Word Web App, update to a newer version to mitigate the risk.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2010-3214

Affected products

Office Word
Office
Office Compatibility Pack
Office Web Apps
Open Xml File Format Converter For Mac
Word Viewer
Word Web App