PT-2013-6117 · Microsoft · Office Word

Published

2013-11-16

Updated

2013-11-19

CVE-2013-6801

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2003 SP2 and SP3

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by using a malformed .doc file that contains an embedded image. This is related to a "fork bomb" issue, where an attacker can cause the system to consume excessive resources.

Recommendations For Microsoft Word 2003 SP2, avoid opening untrusted .doc files until a fix is available. For Microsoft Word 2003 SP3, avoid opening untrusted .doc files until a fix is available. As a temporary workaround, consider restricting the use of embedded images in .doc files to minimize the risk of exploitation.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2013-6801

Affected Products

Office Word

PT-2013-6117 · Microsoft · Office Word

CVE-2013-6801

Weakness Enumeration

Related Identifiers

Affected Products

References · 5