Secunia

Community Login

Customer Login

Partner Login

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA37580

Microsoft WordPad / Office Text Converters Integer Overflow Vulnerabilities

Secunia Advisory

SA37580

Release Date

2009-12-08

Last Update

2009-12-10

Popularity

8,307 views

Comments

0 comments

Criticality level

Highly critical

Impact

System access

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Secunia PoC

Available in Customer Area

Secunia analysis

Available in Customer Area

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Operating System

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Datacenter Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Server

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Web Edition

Microsoft Windows Storage Server 2003

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Software:

Microsoft Office 2003 Professional Edition

Microsoft Office 2003 Small Business Edition

Microsoft Office 2003 Standard Edition

Microsoft Office 2003 Student and Teacher Edition

Microsoft Office File Converter Pack

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

CVE-2009-2506 CVSS available in Customer Area

Description

Two vulnerabilities have been reported in Microsoft Windows and Microsoft Office, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow error exists in Wordpad and Office text converters when parsing the "DocumentSummaryInformation" stream inside a Word 97 document. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a file with a specially crafted value specifying the number of property names present.

2) A second integer overflow error exists in Wordpad and Office text converters when parsing certain information inside a Word 97 document. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Jun Mao and Sean Larsson, iDefense Labs.
2) Silent fix noticed by Secunia Research during analysis of released patches.

Changelog
Further details available in Customer Area

Original Advisory
MS09-073 (KB973904, KB974882, KB975008, KB975051, KB975539):
http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft WordPad / Office Text Converters Integer Overflow Vulnerabilities

No posts yet

Secunia

Secunia Advisory SA37580

Microsoft WordPad / Office Text Converters Integer Overflow Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?