McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business Home McAfee Labs Threat Intelligence

(MS09-073) WordPad and Office Text converter Memory Corruption Vulnerability (975539)

Threat Detail

Vulnerability Type: Logic error

Impact of Exploitation: Maliciously Crafted File

CVE Reference: N/A

Next Steps:

Overview

There is a vulnerability in WordPad and Microsoft Office Word that could allow for remote code execution.

There is a vulnerability in WordPad and Microsoft Office Word that could allow for remote code execution. The vulnerability exists in the way that text converters in WordPad and Microsoft Office Word process memory when a user opens a specially crafted Word 97 file. Successful exploitation of this vulnerability could allow an attacker to take complete control of an affected system remotely.

Attack Vector

Maliciously Crafted File

User Interaction

user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

Windows   2000 SP4,
Windows   2003 Server SP 2,
Windows   2003 Server X64 SP2,
Windows   XP SP2,
Windows   XP SP3,
Windows   XP X64 Professional,

Timeline

2009-12-08

Vendor has provided a patch.

Recommendations

The vendor has released patches to address this issue
http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx

Recommendations McAfee Product Mitigation

Additional Resources

(MS09-073) WordPad and Office Text converter Memory Corruption Vulnerability (975539)
http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx

United States - English