HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2009-75
Microsoft Works Converters Remote Code Execution Vulnerability

Original Issue Date:June 11, 2009

Severity Rating: High

Softwares Affected

  • MMicrosoft Office Word 2000 SP3
  • Microsoft Office Word 2002 SP3
  • Microsoft Office Word 2003 SP3 (if installed with the Microsoft Works 6–9 File Converter)
  • Microsoft Office Word 2007 SP1
  • Microsoft Works 8.5
  • Microsoft Works 9

Overview

A vulnerability has been reported in Microsoft Office which could allow an unauthenticated, remote attacker to execute arbitrary code in user's context and could take complete control of an affected system.

Description

This is a remote code execution vulnerability caused due to insufficient boundary restrictions on user-supplied data.  The Office Works file converter, provided by works432.cnv   or   works632.cnv , fails to check the length of input before use in memory operations. 

An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to open a specially-crafted .wps file, which will trigger a memory corruption error in the Works for Windows document converters and execute arbitrary code with the privileges of the user and could take complete control of an affected system.

Workarounds

  • For Word 2000 and Word 2002, disable the Works 4.x converter by restricting access
  • For Word 2003 with the Microsoft Works 6–9 File Converter and Word 2007, disable the Works 6-9 converter by restricting access

For detailed steps and impact of applying these workarounds refer to Microsoft Security Bulletin MS09-024

Solution

Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS09-024

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS09-024.mspx

References

SecurityFocus
http://www.securityfocus.com/bid/35184

SecurityTracker
http://www.securitytracker.com/alerts/2009/Jun/1022354.html

Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=18419

Vupen
http://www.vupen.com/english/advisories/2009/1543

Secunia
http://secunia.com/advisories/35371/

CVE Name
CVE-2009-1533

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003