Microsoft VBScript ActiveX Word object denial of service
| ms-activex-word-dos (8815) |  Medium Risk |
Description:
The VBScript ActiveX Word object is vulnerable to a denial of service attack against affected Windows systems. A remote attacker could create a malicious Word document, Web page, or HTML email containing VBScript, which would create a large number of Word documents on the system using the CreateObject ("Word.Application") function. This would consume all available memory resources, if the attacker can convince a victim to open the malicious document or email or visit the malicious Web page.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Mon Apr 08 2002 - 14:40:17 CDT: IE Word ActiveX DoS Loop.
- BID-4463: Microsoft VBScript ActiveX Word Object Denial Of Service Vulnerability
Platforms Affected:
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
- Microsoft Outlook 2000
- Microsoft Outlook 2002
- Microsoft Outlook Express 4.0
- Microsoft Outlook Express 5.0
- Microsoft Outlook Express 5.5
- Microsoft Outlook Express 6.0
- Microsoft Word 2000
- Microsoft Word 2002
Reported:
Apr 08, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net