Secunia

Multiple vulnerabilities have been reported in Microsoft Windows and Microsoft Office, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the WordPad Text Converter for Word 97 files can be exploited to cause a stack-based buffer overflow via a specially crafted Word 97 document.

NOTE: According to Microsoft, the vulnerability is currently being actively exploited.

2) An unspecified error when parsing data in Word 6 files can be exploited to corrupt memory via a specially crafted Word 6 document.

3) An error in the WordPerfect 6.x converter when parsing strings can be exploited to cause a stack-based buffer overflow via a specially crafted WordPerfect document.

4) A boundary error in WordPad Word 97 Text Converter can be exploited to cause a stack-based buffer overflow via a specially crafted Word 97 document..

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Reported as a 0-day.
2) The vendor credits Fortinet FortiGuard Global Security Research Team.
3) an anonymous researcher, reported via iDefense
4) Sean Larsson and Jun Mao, iDefense

Changelog
Further details available in Customer Area

Original Advisory
MS09-010 (KB960477, KB921606, KB933399, KB960476):
http://www.microsoft.com/technet/security/Bulletin/MS09-010.mspx

Microsoft (KB960906):
http://www.microsoft.com/technet/security/advisory/960906.mspx

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=783

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area