Executive Summary

Summary
Title Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
Informations
Name MS10-067 First vendor Publication 2010-09-14
Vendor Microsoft Last vendor Modification 2010-09-14
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (September 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-067.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6632
 
Oval ID: oval:org.mitre.oval:def:6632
Title: WordPad Word 97 Text Converter Memory Corruption Vulnerability
Description: The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2563
 Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 2

OpenVAS Exploits

Date Description
2010-09-15 Name : WordPad Text Converters Remote Code Execution Vulnerability (2259922)
File : nvt/secpod_ms10-067.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
67983 Microsoft Windows WordPad Text Converters Document Parsing Memory Corruption

Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is caused due to a boundary error in the Word 97 converter (mswrd8.wpc) when parsing "sprmTSetBrc80" PRLs. This can be exploited to cause a buffer overflow by tricking a user into opening a specially crafted Word 97 document using WordPad. It can allow execution of arbitrary code.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt
RuleID : 26676 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt
RuleID : 26675 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt
RuleID : 18535 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt
RuleID : 17250 - Revision : 18 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2010-09-14 Name : Arbitrary code can be executed on the remote host through opening a Microsoft...
File : smb_nt_ms10-067.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:46:41
  • Multiple Updates
2014-01-19 21:30:31
  • Multiple Updates