Windows : Microsoft Bulletins : WordPad and Office Text Converters Remote Code Execution Vulnerability (975539)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.901068

Kategorie: Windows : Microsoft Bulletins

Titel: WordPad and Office Text Converters Remote Code Execution Vulnerability (975539)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS09-073.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-073.

Vulnerability Insight:
The issue is caused by a memory corruption error in the way that the text
converter for Word 97 (included as part of WordPad and as part of the Office
text converters) parses a specially crafted Word 97 document.

Vulnerability Impact:
Successful exploitation will allow remote attackers to crash an affected
application or execute arbitrary code by tricking a user into opening a specially crafted document.

Affected Software/OS:
- Microsoft Works 8.5

- Microsoft Office Converter Pack

- Microsoft Office XP Service Pack 3

- Microsoft Office 2003 Service Pack 3

- Microsoft Office Word 2002 Service Pack 3

- Microsoft Office Word 2003 Service Pack 3

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows 2000 Service Pack 4 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2506
BugTraq ID: 37216
http://www.securityfocus.com/bid/37216
Cert/CC Advisory: TA09-342A
http://www.us-cert.gov/cas/techalerts/TA09-342A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834
Microsoft Security Bulletin: MS09-073
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846

Copyright Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.901068
Kategorie:	Windows : Microsoft Bulletins
Titel:	WordPad and Office Text Converters Remote Code Execution Vulnerability (975539)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS09-073.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-073. Vulnerability Insight: The issue is caused by a memory corruption error in the way that the text converter for Word 97 (included as part of WordPad and as part of the Office text converters) parses a specially crafted Word 97 document. Vulnerability Impact: Successful exploitation will allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted document. Affected Software/OS: - Microsoft Works 8.5 - Microsoft Office Converter Pack - Microsoft Office XP Service Pack 3 - Microsoft Office 2003 Service Pack 3 - Microsoft Office Word 2002 Service Pack 3 - Microsoft Office Word 2003 Service Pack 3 - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows 2000 Service Pack 4 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2506 BugTraq ID: 37216 http://www.securityfocus.com/bid/37216 Cert/CC Advisory: TA09-342A http://www.us-cert.gov/cas/techalerts/TA09-342A.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834 Microsoft Security Bulletin: MS09-073 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846
Copyright	Copyright (C) 2009 Greenbone AG