Content
(MS09-010) Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- Medium
- CVE reference
- CVE-2009-0087,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Word 2000 SP3,
- Word 2002 SP3,
- Windows 2000 SP4,
- Windows XP SP3,
- Windows XP X64 SP2,
- Windows 2003 SP2,
- Windows 2003 x64 SP2,
- Windows 2003 Itanium SP2,
- Summary
- A vulnerability in Microsoft Office Word and the Office Text Converters may allow for remote code execution.
Tab Navigation
Description
A vulnerability in Microsoft Office Word and the Office Text Converters may allow for remote code execution. The flaw is specific to the method used to proces smemory when users open specially-crafted (malicious) Word 6 documents which contain certain malformed data. Sucesful exploitation can be achieved via a web page or email attack in which users are lured into clicking a file, or a link to a malicious file.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-010) Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
- Signature identifier:
- 6597
- Release date:
- 4/14/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability
- Signature identifier:
- 0x4025D600
- Release date:
- 4/14/2009
- First released in:
- 5.1.17, 4.1.47
Additional Resources
Vulnerability in Wordpad and Office Text Converters could allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
All Information
Timeline -
4/14/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Office Word and the Office Text Converters may allow for remote code execution. The flaw is specific to the method used to proces smemory when users open specially-crafted (malicious) Word 6 documents which contain certain malformed data. Sucesful exploitation can be achieved via a web page or email attack in which users are lured into clicking a file, or a link to a malicious file.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-010) Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
- Signature identifier:
- 6597
- Release date:
- 4/14/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability
- Signature identifier:
- 0x4025D600
- Release date:
- 4/14/2009
- First released in:
- 5.1.17, 4.1.47
Additional Resources
Additional Resources -
Vulnerability in Wordpad and Office Text Converters could allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx