Content
(MS09-010) Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability (960477)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Maliciously Crafted File
- Rating
- Medium
- CVE reference
- CVE-2009-0088,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Word 2000 SP3,
- Summary
- A vulnerability in Microsoft Word may allow for remote code execution.
Tab Navigation
Description
A vulnerability in Microsoft Word may allow for remote code execution. The flaw is specific to a stack corruption error when processing malformed WordPerfect documents via the WordPerfect 6.x converter.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-010) Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability (960477)
- Signature identifier:
- 6596
- Release date:
- 4/14/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability
- Signature identifier:
- 0x4025D700
- Release date:
- 4/14/2009
- First released in:
- 5.1.17, 4.1.47
The Remedy V-Flash of 4/14/2009 will contain remedies for Windows and Office XP. Office 2000 requires manual interaction.
Additional Resources
Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477)
http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
All Information
Timeline -
4/14/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Word may allow for remote code execution. The flaw is specific to a stack corruption error when processing malformed WordPerfect documents via the WordPerfect 6.x converter.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-010) Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability (960477)
- Signature identifier:
- 6596
- Release date:
- 4/14/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability
- Signature identifier:
- 0x4025D700
- Release date:
- 4/14/2009
- First released in:
- 5.1.17, 4.1.47
The Remedy V-Flash of 4/14/2009 will contain remedies for Windows and Office XP. Office 2000 requires manual interaction.
Additional Resources
Additional Resources -
Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477)
http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx