Signature Detail

HTTP: Microsoft WordPad and Office Text converter Integer Overflow

his signature detects attempts to exploit a known integer overflow vulnerability in Microsoft WordPad and Office Text converter. It is due to lack of input validation while parsing specially crafted Word 97 documents. Remote attackers can exploit this by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful code injection attack, the behaviour of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the application can terminate as a result of invalid memory access.

Extended Description

Microsoft WordPad and Office Text Converters are prone to a remote memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

Affected Products

• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Office Converter Pack
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft Office XP
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Datacenter x64 Edition
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Itanium
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 Terminal Services
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2003 x64 SP1
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home SP3
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition SP3
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional SP3
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition SP3
• Microsoft Windows XP Tablet PC Edition
• Microsoft Works 8.5

References

• BugTraq: 37216
• CVE: CVE-2009-2506