In association with heise online

04 May 2007, 09:25

Buffer overflow in Word Viewer


Day three of the Month of ActiveX Bugs presents users with a critical vulnerability in Office's Word Viewer (WordViewer.ocx), which an attacker can use to, for example, infect a system with malware. A successful attack merely requires a user to visit a manipulated website. This rather invalidates Microsoft's recommendation to use the Viewer in the event of vulnerabilities in Word, Excel or PowerPoint until such time as an update is available.

The original advisory is, like the two previous reports, not really worthy of the name: it consists of a link to a demo and an extract from the registers at the point at which the bug is triggered. Secunia has, as with the previous problems with the Excel and PowerPoint Viewers, analysed the problem more closely. According to Secunia, the cause is a buffer overflow when certain methods, such as HttpDownloadFile() and OpenWebFile(), are called with over-long arguments.

The bug was discovered in version of the control, but other versions are very likely to be affected. No patch is available. The problem can be remedied by setting the killbit for the control, but switching off ActiveX completely may be a simpler and safer alternative in the long term.
