Vigil@nce - Word: denial of service via MSO.DLL
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite a victim to open a malicious document with
Word, in order to stop it.
Severity: 1/4
Creation date: 15/09/2010
DESCRIPTION OF THE VULNERABILITY
The Word application uses the MSO.DLL (Microsoft Office) library,
which implements generic Office features.
If a Word document contains malformed data, a NULL pointer is
dereferenced in MSO.DLL.
An attacker can therefore invite a victim to open a malicious
document with Word, in order to stop it.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Word-denial-of-service-via-MSO-DLL-9945