
Just before Microsoft's monthly release of security patches, another Office vulnerability has been brought to the attention of the public. As the product has proven to be a collection of security holes in the past, this newly surfaced vulnerability just adds to the pile. This time around it is related to the way in which the Office application handles the LsCreateLine() function.
The flaw could allow a remote user to execute arbitrary code on the target system. The vulnerability can be exploited via a malicious Word document. When the user opens such a file, they unknowingly trigger a memory access error in the LsCreateLine() function in mso.dll, paving the way for the execution of arbitrary code. The exported function LsCreateLine() in mso.dll contains a boundary error: it cannot correctly handle a specially crafted file, which leads to invalid memory access and arbitrary overwrites. Overwriting just 4 bytes of arbitrary memory is enough to make code execution possible. The worrying aspect of this vulnerability is that it requires no interaction from the user, as it is triggered on file load. So far, the affected versions have been established as Microsoft Word 2003, 2002 and 2000.
Microsoft's representatives have not yet commented in any way on the newly found vulnerability. A fix is not available at this time.