About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

Microsoft Works Converters Code Execution Vulnerability (MS09-024)

VUPEN ID VUPEN/ADV-2009-1543
CVE ID CVE-2009-1533
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Critical 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2009-06-09
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

A vulnerability has been identified in Microsoft Office, Word and Works, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing a specially crafted Works file, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a malicious file.

Affected Products

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1

Microsoft Office Word 2000 Service Pack 3
Microsoft Office Word 2002 Service Pack 3
Microsoft Office Word 2003 Service Pack 3 with the Microsoft Works 6–9 File Converter
Microsoft Office Word 2007 Service Pack 1

Microsoft Works version 8.5
Microsoft Works version 9

Solution 

Apply patches :
http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx

References

http://www.vupen.com/english/advisories/2009/1543
http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx

In-depth Binary Analysis 

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 
Private Exploit or PoC 

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 
Credits 

Vulnerability reported by Shaun Colley (NGS Software) and Yuji Ukai (Fourteenforty Research Institute, Inc).

Changelog 

2009-06-09 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Aug 2010


  Critical Risk

 : 0%

  High Risk		 : 0%

  Moderate Risk		 : 0%

  Low Risk		 : 100%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy