SecurityTracker.com
Category:   Application (Generic)  >   Microsoft Office
Vendors:   Microsoft
Microsoft WordPad and Office Text Converter Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022043
SecurityTracker URL:  http://securitytracker.com/id/1022043
CVE Reference:   CVE-2009-0087, CVE-2009-0088, CVE-2009-0235
Date:  Apr 14 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in the Microsoft WordPad and Office text converters. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A specially crafted Word 6 file can trigger memory corruption [CVE-2009-0087]. A researcher with Fortinet's FortiGuard Global Security Research Team reported this vulnerability.

A specially crafted WordPerfect 6.x file can trigger a stack overflow [CVE-2009-0088]. A researcher with VeriSign iDefense Labs reported this vulnerability.

A specially crafted Word document can trigger a stack overflow [CVE-2009-0235]. Sean Larsson and Jun Mao of VeriSign iDefense Labs reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=552d322a-5282-42c7-9c1e-1d8c494a7318

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=50a8519a-503e-43dd-a78a-c1bc764fd213

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2233a4d2-7c8a-4c89-b020-100d9afb43c8

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=e840b9cb-f1f4-482a-aa07-eb6b42b477c4

Microsoft Office 2000 Service Pack 3, Microsoft Office Word 2000 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415

Microsoft Office XP Service Pack 3, Microsoft Office Word 2002 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=e1db55c6-78fb-498d-89a5-9ad54d971546

Microsoft Office Converter Pack:

http://www.microsoft.com/downloads/details.aspx?familyid=d763fae3-b2af-47f9-a554-ec786766b3c3

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-010.mspx
Cause:   Access control error, Boundary error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)
Underlying OS Comments:  2000 SP4, 2003 SP2, XP SP3; and prior service packs

Message History:   None.


Copyright 2020, SecurityGlobal.net LLC