=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN159
_____________________________________________________________________

DATE                      : 15/04/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft WordPad,
                                  Microsoft Office Text Converters.

======================================================================
KB960477
http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx
______________________________________________________________________

Microsoft Security Bulletin MS09-010 - Critical

Vulnerabilities in WordPad and Office Text Converters Could Allow Remote
Code Execution (960477)

   Published: April 14, 2009

   Version: 1.0

General Information

Executive Summary

   This security update resolves two publicly disclosed vulnerabilities and
   two privately reported vulnerabilities in Microsoft WordPad and Microsoft
   Office text converters. The vulnerabilities could allow remote code
   execution if a specially crafted file is opened in WordPad or Microsoft
   Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect
   files from untrusted sources using affected versions of WordPad or
   Microsoft Office Word.

   This security update is rated Critical for supported editions of Microsoft
   Office Word 2000. This security update is also rated Important for
   supported editions of Microsoft Office Word 2002; Microsoft Office
   Converter Pack; and WordPad on all supported editions of Microsoft Windows
   2000, Windows XP, and Windows Server 2003. For more information, see the
   subsection, Affected and Non-Affected Software, in this section.

   This security update addresses the vulnerabilities by modifying the way
   that Microsoft Office Word and Office text converters handle opening
   specially crafted Word 6.0, Windows Write, and WordPerfect documents. This
   security update also addresses the vulnerabilities by implementing fixes
   to WordPad and by preventing WordPad on affected platforms from opening
   Word 6.0 and Windows Write files. For more information about the
   vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for
   the specific vulnerability entry under the next section, Vulnerability
   Information.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

Affected Software

   Microsoft Windows 2000 Service Pack 4
   Windows XP Service Pack 2 and Windows XP Service Pack 3
   Windows XP Professional x64 Edition and Windows XP Professional x64
     Edition Service Pack 2
   Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
   Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
     Service Pack 2
   Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server
     2003 with SP2 for Itanium-based Systems
   Microsoft Office 2000 Service Pack 3
   Microsoft Office XP Service Pack 3
   Microsoft Office Converter Pack

Vulnerability Information

WordPad and Office Text Converter Memory Corruption Vulnerability -
CVE-2009-0087

A remote code execution vulnerability exists in the way that text converters
in WordPad and Microsoft Office process memory when a user opens a specially
crafted Word 6 file that includes malformed data.

WordPad Word 97 Text Converter Stack Overflow Vulnerability - CVE-2008-4841

A remote code execution vulnerability exists in the way that Microsoft
WordPad processes memory when parsing a specially crafted Word 97 document.
The vulnerability could allow remote code execution if a user opens a
specially crafted Word file that includes a malformed list structure.

Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability -
CVE-2009-0088

A remote code execution vulnerability exists in the way that the WordPerfect
6.x converter that is included with Microsoft Office Word 2000 processes
memory when parsing a specially crafted WordPerfect document.

WordPad Word 97 Text Converter Stack Overflow Vulnerability - CVE-2009-0235

A remote code execution vulnerability exists in WordPad as a result of
memory corruption when a user opens a specially crafted Word file.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================