Skip to main content

Microsoft Works File Converter Multiple Vulnerabilities( 13 February 2008 )

Last Update Date: 28 Jan 2011 Release Date: 13 Feb 2008 2261 Views

RISK: Medium Risk

1. Microsoft Works File Converter Input Validation Vulnerability

A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates section length headers with the .wps format. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

2. Microsoft Works File Converter Index Table Vulnerability

A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates section header index table information with the .wps file format. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

3. Microsoft Works File Converter Field Length Vulnerability

A remote code execution vulnerability exists in Microsoft Works File Converter due to the way that it improperly validates various field lengths information with the .wps file format. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Works 6 File Converter
  • - Microsoft Office 2003 Service Pack 2
  • - Microsoft Office 2003 Service Pack 3
  • - Microsoft Works 8.0
  • - Microsoft Works Suite 2005

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link