HighProventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects a specially crafted RTF (Rich Text Format) e-mail message or file that may corrupt memory in such a way as to allow remote code execution.
High
Proventia Network IPS: XPU 30.080, Proventia Desktop: 2550, RealSecure Server Sensor: XPU 30.080, RealSecure Network: XPU 30.080, Proventia Network IDS: XPU 30.080, Proventia-G 1.1 and earlier: XPU 30.080, Proventia Network MFS: XPU 30.080, IBM Security Server Protection for Windows: 2.1.14.2550, Virtual Server Protection for Vmware: XPU 30.080, Proventia Server IPS for Linux technology: 30.080
Microsoft Office: 2003 SP3, Microsoft Office: 2002 SP3, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack: 2007 SP2, Microsoft Office: 2007 SP2, Microsoft Office: 2004 Mac OS, Microsoft Office: 2008 Mac OS, Microsoft Open XML File Format Converter: Mac OS
Unauthorized Access Attempt
Microsoft Word could allow a remote attacker to execute arbitrary code on the system, caused by an error when parsing rich text data. By persuading a victim to open a specially-crafted RTF email message or file with Microsoft Office Word, a remote attacker could exploit this vulnerability to corrupt memory to execute arbitrary code on the system or cause the application to crash.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-056
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
IBM Internet Security Systems Protection Alert
Microsoft Office Word Could Allow Remote Code Execution
http://www.iss.net/threats/376.html
Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
Microsoft Security Bulletin MS12-028
Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)
http://technet.microsoft.com/en-us/security/bulletin/ms12-028
Microsoft Security Bulletin MS12-029
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
http://technet.microsoft.com/en-us/security/bulletin/ms12-029
ISS X-Force
Microsoft Word RTF code execution
http://www.iss.net/security_center/static/60731.php
CVE
CVE-2010-1901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1901