----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Microsoft WordPad / Office Text Converters Memory Corruption
Vulnerability

SECUNIA ADVISORY ID:
SA37580

VERIFY ADVISORY:
http://secunia.com/advisories/37580/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows and Microsoft
Office, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an error in Wordpad and Office
text converters when parsing Word 97 documents. This can be exploited
to corrupt memory by tricking a user into opening a specially crafted
file.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=50936f51-b0a9-4e94-85bf-93f9ad74fdd1

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=c090c4c2-c277-4d8c-91e1-28286bc5443e

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=4b9bf156-cd34-460f-b4ad-571e37f54659

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=b9678229-2473-4aae-a814-eca9ea556d17

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=257facf3-20a1-49e2-ab4c-c1ae67fe05a0

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=1a7784ef-5d25-4de1-a293-f742b5a3473d

Microsoft Office Word 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=bc3ec3ba-2cec-43ab-b184-c222794231f2

Microsoft Office Word 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=b4a4126c-b0b3-4db2-b6f5-0e67519c2a5f

Microsoft Works 8.5:
http://www.microsoft.com/downloads/details.aspx?familyid=807426a1-8b78-4681-a606-dc39f4d7b64a

Microsoft Office Converter Pack:
http://www.microsoft.com/downloads/details.aspx?familyid=f3ff8bb6-d047-42f1-9331-b6df85fff9fd

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Sean Larsson and Jun Mao, VeriSign iDefense Labs.

ORIGINAL ADVISORY:
MS09-073 (KB973904, KB974882, KB975008, KB975051, KB975539):
http://www.microsoft.com/technet/security/Bulletin/MS09-073.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------