Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Wordpad / Office Text Converters memory corruption
updated since 09.12.2009
Published:10.12.2009
Source:
SecurityVulns ID:10454
Type:client
Threat Level:
6/10
Description:Memory corruption on Office 97 documents parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Office XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
CVE:CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 12.08.09: Microsoft WordPad Word97 Converter Integer Overflow Vulnerability (10.12.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) (09.12.2009)
Files:Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod