| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability announce CVE-2009-2506
WordPad, Word: code execution via Word 97
Synthesis of the vulnerability
| An attacker can invite the victim to open a malicious file in the Word 97 format, in order to execute code when it is converted by WordPad or Word. |
Severity: 3/4.
Creation date: 09/12/2009.
|
Description of the vulnerability
When users open a document in an old format, Microsoft Office Word and Windows WordPad software recognize it, and convert it automatically.
However, the Word 97 format converter does not correctly manage the DocumentSummaryInformation field from the document, which corrupts the memory.
An attacker can therefore invite the victim to open a malicious file in the Word 97 format, in order to execute code when it is converted by WordPad or Word. |
Complete Vigil@nce bulletin
Characteristics
Title: WordPad, Word: code execution via Word 97.
Keywords: DocumentSummaryInformation Microsoft Office Windows Word WordPad code execution.
Identifiers: 975539, BID-37216, CVE-2009-2506, MS09-073, VIGILANCE-VUL-9247.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service
|