WordPad Text Converters Remote Code Execution Vulnerability (2485663) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-033.

Impact

Successful exploitation of this issue may allow attackers to execute arbitrary code in the context of a logged-on user by tricking a user to open specially crafted Word document. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS11-033.mspx

Insight

A flaw exists in the Microsoft WordPad text converter, which incorrectly parses specific fields in a Word document.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2 and prior.

References

http://support.microsoft.com/kb/2485663
http://www.microsoft.com/technet/security/Bulletin/MS11-033.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0028
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (961260)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
Microsoft DirectAccess Security Advisory (2862152)
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)

Take action and discover your vulnerabilities