Microsoft Works File Converter index table vulnerability

2008-02-22T00:00:00
ID SAINT:7C8086F9B517ACDB5651EDFB20D50B32
Type saint
Reporter SAINT Corporation
Modified 2008-02-22T00:00:00

Description

Added: 02/22/2008
CVE: CVE-2008-0105
BID: 27658
OSVDB: 41458

Background

The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files.

Problem

A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a **.wps** file with a specially crafted index table.

Resolution

Apply the update referenced in Microsoft Security Bulletin 08-011.

References

<http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx>

Limitations

Exploit works on Microsoft Word 2003 SP3 and requires a user to open the exploit file.

Platforms

Windows