Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-010.
Impact
Successful exploitation will let the attacker craft malicious arbitrary codes into the files and can trick the user to open those crafted documents which may lead to remote arbitrary code execution inside the context of the affected system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
Insight
- Input validation error when parsing document files i.e. Office files, RTF, Wordperfect files or Write files.
Affected
WordPad on MS Windows 2K/XP/2K3
MS Office 2000 Word Service Pack 3
MS Office XP Word Service Pack 3
MS Office Converters Pack
References
Severity
Classification
-
CVE CVE-2008-4841, CVE-2009-0087, CVE-2009-0088, CVE-2009-0235 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)