TITLE: Microsoft Wordpad Word for Windows Converter Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA13462

VERIFY ADVISORY: http://secunia.com/advisories/13462/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 98
http://secunia.com/product/12/
Microsoft Windows 98 Second Edition
http://secunia.com/product/13/
Microsoft Windows Millennium
http://secunia.com/product/14/
Microsoft Windows NT 4.0 Server
http://secunia.com/product/18/
Microsoft Windows NT 4.0 Server, Terminal Server Edition
http://secunia.com/product/19/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Wordpad, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused by boundary errors in the table and font conversion in the Word for Windows 6.0 converter. They can be exploited, for example, via a malicious ".wri", ".rtf", or ".doc" document.

Successful exploitation can lead to execution of arbitrary code.

NOTE: Exploitation requires that the handler for the Word for Windows 6.0 converter is enabled.

SOLUTION:
Apply patches.

Microsoft Windows NT Server 4.0 (requires Service Pack 6a):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC2DE442-6C98-4545-8072-2BE4064466CD

Microsoft Windows NT Server 4.0 Terminal Server Edition (requires Service Pack 6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A49CC5E2-1072-4BF6-A7F3-029957EBB1C2

Microsoft Windows 2000 (requires Service Pack 3 or Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C4B9D079-13F0-4E1E-834B-D2077838B9E1

Microsoft Windows XP (requires Service Pack 1 or Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=703DE7D8-68D9-4A92-8C59-87221F89EF14

Microsoft Windows XP 64-Bit Edition (requires Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7A5077B-4BF0-441A-AB43-D6A5E1B698E9

Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=005930C0-4C3F-4FD3-9E08-D586632C5486

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D1747015-10C8-411F-8C26-773B59008FD8

Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=005930C0-4C3F-4FD3-9E08-D586632C5486

For other versions of Microsoft Windows, disable the Word for Windows converter.

ORIGINAL ADVISORY:
MS04-041 (KB885836):
http://www.microsoft.com/technet/security/bulletin/ms04-041.mspx
