Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-010.
Impact
Successful exploitation will let the attacker craft malicious arbitrary codes into the files and can trick the user to open those crafted documents which may lead to remote arbitrary code execution inside the context of the affected system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
Insight
- Input validation error when parsing document files i.e. Office files, RTF, Wordperfect files or Write files.
Affected
WordPad on MS Windows 2K/XP/2K3
MS Office 2000 Word Service Pack 3
MS Office XP Word Service Pack 3
MS Office Converters Pack
References
Severity
Classification
-
CVE CVE-2008-4841, CVE-2009-0087, CVE-2009-0088, CVE-2009-0235 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
- Cumulative Security Update for Internet Explorer (939653)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- Microsoft DirectAccess Security Advisory (2862152)