Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) |
Informations | |||
---|---|---|---|
Name | MS09-010 | First vendor Publication | 2009-04-14 |
Vendor | Microsoft | Last vendor Modification | 2009-06-17 |
Severity (Vendor) | Critical | Revision | 1.3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.3 (June 17, 2009): Corrected bulletin replacement for the Microsoft Office Converter Pack (KB960476) update package. This is an informational change only. Customers who have already successfully installed the update do not need to reinstall.Summary: This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5736 | |||
Oval ID: | oval:org.mitre.oval:def:5736 | ||
Title: | Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability | ||
Description: | The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0088 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Word 2000 Microsoft Office Converter Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5799 | |||
Oval ID: | oval:org.mitre.oval:def:5799 | ||
Title: | WordPad and Office Text Converter Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0087 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Word 2000 Microsoft Word 2002 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5893 | |||
Oval ID: | oval:org.mitre.oval:def:5893 | ||
Title: | WordPad Word 97 Text Converter Stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0235 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6050 | |||
Oval ID: | oval:org.mitre.oval:def:6050 | ||
Title: | WordPad Word 97 Text Converter Stack Overflow Vulnerability | ||
Description: | The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4841 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Microsoft WordPad Word97 text converter buffer overflow | More info here |
Microsoft WordPad Word 97 text converter XST buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-12-12 | Name : WordPad and Office Text Converter Memory Corruption Vulnerability (960477) File : nvt/secpod_ms_wordpad_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53664 | Microsoft WordPad Word 97 Text Converter File Handling Overflow |
53663 | Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack ... |
53662 | Microsoft WordPad / Office Text Converter Malformed Data Handling Memory Corr... |
50567 | Microsoft Windows WordPad Text Converter Unspecified Memory Corruption |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-16 | IAVM : 2009-A-0032 - Multiple Vulnerabilities in WordPad and Office Text Converters Severity : Category I - VMSKEY : V0018752 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31032 - Revision : 2 - Type : FILE-OFFICE |
2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31031 - Revision : 2 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 23557 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 23556 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 23356 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17406 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17405 - Revision : 11 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17404 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 15469 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflo... RuleID : 15467 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt RuleID : 15466 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office Text Converters XST parsing buffer overfl... RuleID : 15455 - Revision : 9 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : It is possible to execute arbitrary code on the remote Windows host using a t... File : smb_nt_ms09-010.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-06-19 21:24:43 |
|
2014-02-17 11:46:11 |
|
2014-01-19 21:30:18 |
|
2013-11-11 12:41:11 |
|