Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:E02FCA15F71F614A8417A79E308F3EB6
HistoryApr 23, 2009 - 12:00 a.m.

Microsoft WordPad Word97 text converter buffer overflow

2009-04-2300:00:00
SAINT Corporation
my.saintcorporation.com
24

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.883 High

EPSS

Percentile

98.7%

JSON

Added: 04/23/2009
CVE: CVE-2009-0235
BID: 34470
OSVDB: 53664

Background

The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.

Problem

A buffer overflow vulnerability in the Word 97 text converter allows command execution when a user opens a specially crafted file containing an invalid character position value.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-010.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=783&gt;

Limitations

Exploit works on Windows 2000 SP4 and requires a user to open the exploit file in WordPad.

Platforms

Windows 2000

Related

seebug 1
checkpoint_advisories 1
cve 1
saint 3
prion 1
securityvulns 3
cvelist 1
nvd 1
threatpost 1
nessus 1
openvas 2
seebug
seebug
Microsoft Wordpad Word 97θ½¬ζ’ε™¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄žοΌˆMS09-010οΌ‰
2009-04-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft WordPad Word 97 Text Converter Text Location Stack Overflow (MS09-010; CVE-2009-0235)
2009-04-14 00:00:00
cve
cve
CVE-2009-0235
2009-04-15 08:00:00
saint
saint
Microsoft WordPad Word97 text converter buffer overflow
2009-04-23 00:00:00
Microsoft WordPad Word97 text converter buffer overflow
2009-04-23 00:00:00
Microsoft WordPad Word97 text converter buffer overflow
2009-04-23 00:00:00
prion
prion
Stack overflow
2009-04-15 08:00:00
securityvulns
securityvulns
iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability
2009-04-16 00:00:00
Microsoft Wordpad / Microsoft Works multiple security vulnerabilities
2009-06-10 00:00:00
Microsoft Security Bulletin MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution &#40;960477&#41;
2009-04-14 00:00:00
cvelist
cvelist
CVE-2009-0235
2009-04-15 03:49:00
nvd
nvd
CVE-2009-0235
2009-04-15 08:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32
nessus
nessus
MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
2009-04-15 00:00:00
openvas
openvas
WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
2008-12-12 00:00:00
WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
2008-12-12 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.883 High

EPSS

Percentile

98.7%

JSON
Related for SAINT:E02FCA15F71F614A8417A79E308F3EB6
seebug1checkpoint_advisories1cve1saint3prion1securityvulns3cvelist1nvd1threatpost1nessus1openvas2