=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN039
_____________________________________________________________________

DATE                      : 13/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Works File
                                Converter, Office 2003, Works 8.0,
                                Works Suite 2005.

======================================================================

MS08-011 - Important - Vulnerabilities in Microsoft Works File Converter
Could Allow Remote Code Execution (947081)

    Published: February 12, 2008
    Version: 1.0

    This important security update resolves three privately reported
    vulnerabilities in the Microsoft Works File Converter. These
    vulnerabilities could allow remote code execution if a user opens a
    specially crafted Works (.wps) file with an affected version of
    Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker
    who successfully exploited this vulnerability could take complete
    control of an affected system. An attacker could then install programs;
    view, change, or delete data; or create new accounts with full user
    rights.


Affected Software

    o Microsoft Office 2003 Service Pack 2 - Microsoft Works 6 File
      Converter

    o Microsoft Office 2003 Service Pack 3 - Microsoft Works 6 File
      Converter

    o Microsoft Works 8.0 - Microsoft Works 6 File Converter

    o Microsoft Works Suite 2005 - Microsoft Works 6 File Converter


Vulnerability Information

Microsoft Works File Converter Input Validation Vulnerability -
CVE-2007-0216

    A remote code execution vulnerability exists in Microsoft Works File
    Converter due to the way that it improperly validates section length
    headers with the .wps format. An attacker who successfully exploited
    this vulnerability could take complete control of an affected system.
    An attacker could then install programs; view, change, or delete data;
    or create new accounts.

Workarounds for Microsoft Works File Converter Input Validation
Vulnerability - CVE-2007-0216

    o Disable installed copies of the Works File Converter by restricting
      access to WKCVQD01.DLL

    o Prevent WKCVQD01.DLL from being installed

    o Do not open or save Microsoft Works files that you receive from
      untrusted sources or that you receive unexpectedly from trusted
      sources. This vulnerability could be exploited when a user opens a
      specially crafted file.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================