VRT Advisories


VRT Tool 2006-12-11

Sourcefire VRT Tool Update

Date: 2006-12-11

Synopsis:

The Sourcefire VRT has continued research into a vulnerability affecting Microsoft Word documents and has updated the OfficeCat tool to process Microsoft Word files to determine the presence of possible exploit conditions.

Details:

Vulnerability in Microsoft Word CVE-2006-5994:
Microsoft Word suffers from a vulnerability that may allow a remote attacker to execute code of their choosing on an affected host when malformed word files are processed by the application. The OfficeCat tool is able to process these files to determine the possible presence of exploit conditions in a file.

This vulnerability is outlined in Microsoft Security Advisory 929433, the OfficeCat tool has been updated to include support for the vulnerability outlined in this advisory.

The OfficeCat tool is able to process Word, Excel and PowerPoint files and will return the appropriate reference information should possible exploit conditions be present in the document.

OfficeCat Tool Download:

Download zip archive here.

Usage Instructions:

  1. Unzip the archive
  2. Open a command shell
  3. Execute the tool executable with a document name for checking

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities.

About Sourcefire

Sourcefire, Inc., the world leader in intrusion prevention, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. For more information about Sourcefire, please visit www.sourcefire.com.