CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS09-010 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) | Microsoft Office | Critical | 15-04-2009 |
Technical Information
Brief overview of the risk:
This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that text converters in WordPad and Microsoft Office process memory when a user opens a specially crafted Word 6 file that includes malformed data. Further information on this exploit is available at : MS09-010
Affected Software
Microsoft Office 2000 Service Pack 3Microsoft Office Converter Pack
Microsoft Office XP Service Pack 3
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Windows Internet Explorer 7 (Windows XP Professional x64 Edition)