Signature Detail

HTTP: Microsoft WordPad and Office Text converter Integer Overflow

his signature detects attempts to exploit a known integer overflow vulnerability in Microsoft WordPad and Office Text converter. It is due to lack of input validation while parsing specially crafted Word 97 documents. Remote attackers can exploit this by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful code injection attack, the behaviour of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the application can terminate as a result of invalid memory access.

Extended Description

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.

Affected Products

• Microsoft office_converter_pack *
• Microsoft office_word 2002
• Microsoft office_word 2003
• Microsoft windows_2000 *
• Microsoft windows_server_2003 *
• Microsoft windows_xp *
• Microsoft wordpad *
• Microsoft works 8.5

References

• BugTraq: 37216
• CVE: CVE-2009-2506