(MS09-010) Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (960477)

Overview

A vulnerability in Microsoft Office Word and the Office Text Converters may allow for remote code execution.

The flaw is specific to the method used to process memory when users open specially-crafted (malicious) Word 6 documents which contain certain malformed data. Successful exploitation can be achieved via a web page or email attack in which users are lured into clicking a file, or a link to a malicious file.

Attack Vector

Website or e-mail with malicious content

User Interaction

User interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Windows 2000 SP4
Windows 2003 Itanium SP2
Windows 2003 SP2
Windows XP SP3
Windows XP X64 SP2
Windows 2003 x64 SP2
Word 2000 SP3
Word 2002 SP3

Timeline

2009-04-14

Vendor has provided a patch.

Recommendations

The vendor has released a patch to address this issue:
http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx

Additional Resources

Vulnerability in Wordpad and Office Text Converters could allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx