Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-010.
Impact
Successful exploitation will let the attacker craft malicious arbitrary codes into the files and can trick the user to open those crafted documents which may lead to remote arbitrary code execution inside the context of the affected system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx
Insight
- Input validation error when parsing document files i.e. Office files, RTF, Wordperfect files or Write files.
Affected
WordPad on MS Windows 2K/XP/2K3
MS Office 2000 Word Service Pack 3
MS Office XP Word Service Pack 3
MS Office Converters Pack
References
Severity
Classification
-
CVE CVE-2008-4841, CVE-2009-0087, CVE-2009-0088, CVE-2009-0235 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
- Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)