Lucene search

SAINT CorporationSAINT:9AB6B60FFAAF6DE5488FE10373B2396A

HistoryJun 15, 2009 - 12:00 a.m.

Microsoft Works File Converter FontName buffer overflow

2009-06-1500:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.6%

JSON

Added: 06/15/2009
CVE: CVE-2009-1533
BID: 35184
OSVDB: 54939

Background

The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files.

Problem

A buffer overflow vulnerability in the Microsoft Works File Converter allows command execution when a user opens a WPS file containing a specially crafted FontName in a Font structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-024.

References

<http://www.microsoft.com/technet/security/bulletin/ms09-024.mspx>

Limitations

Exploit works on Microsoft Word 2002 SP3 and requires a user to open the exploit file.

Platforms

Windows XP

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.877 High

EPSS

Percentile

98.6%

JSON

Related for SAINT:9AB6B60FFAAF6DE5488FE10373B2396A