Microsoft Works File Converter Multiple Vulnerabilities( 13 February 2008 )
RISK: Medium Risk
1. Microsoft Works File Converter Input Validation Vulnerability
A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates section length headers with the .wps format. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
2. Microsoft Works File Converter Index Table Vulnerability
A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates section header index table information with the .wps file format. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
3. Microsoft Works File Converter Field Length Vulnerability
A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates various field lengths information with the .wps file format. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Works 6 File Converter
- - Microsoft Office 2003 Service Pack 2
- - Microsoft Office 2003 Service Pack 3
- - Microsoft Works 8.0
- - Microsoft Works Suite 2005
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Works 6 File Converter
- - Microsoft Office 2003 Service Pack 2
- - Microsoft Office 2003 Service Pack 3
- - Microsoft Works 8.0
- - Microsoft Works Suite 2005
Vulnerability Identifier
Source
Related Link
Share with