MS09-073: Vulnerability in WordPad and Office text converters could allow remote code execution

Article translations Article translations
Article ID: 975539 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS09-073. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues and more information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:
975008 MS09-073: Description of the security update for Office XP: December 8, 2009
975051 MS09-073: Description of the security update for Office 2003: December 8, 2009
974882 MS09-073: Description of the security update for the Office 2003 File Converter Pack: December 8, 2009
973904 MS09-073: Description of the security update for Windows XP, Windows 2000, Windows Server 2003: December 8, 2009
977304 MS08-073: Description of the security update for Microsoft Works 8: December 8, 2009

Known issues with this security update

  • The binary file Msconv97.dll is a shared binary that is used by Windows security update 973904 and Office security updates 975051 or 975008. If Office is installed on your system and if security update 975051 or 975008 is also installed, both Windows security update 973904 and Office security update 975051 or 975008 might be reoffered if either of them is uninstalled. In this situation, it is okay to accept the reinstallation of either or both of the uninstalled security updates.
  • The Msconv97.dll file has one version number in security update 973904 and another version number in security updates 975051 and 975008. This is expected behavior and does not expose you to risk.

    When you install both security update 973904 and security update in 975051 or 975008, the Msconv97.dll file is updated to the Office version of this specific file that has the highest version number. When the Office update is uninstalled, the version may decrease to the version number that is included with the Windows security update.

    When an older version of Office is installed, this final version number of the Msconv97.dll file may be earlier than what it was before installation of the security update. This does not expose the system to any risk because this file contains no vulnerabilities that were addressed by this security update. When you open a file that requires a converter, Office will automatically reinstall the version of the file that was present before you installed any of the security updates that are referenced by security bulletin MS09-073.

Properties

Article ID: 975539 - Last Review: May 8, 2012 - Revision: 3.0
APPLIES TO
  • Microsoft Office Basic Edition 2003
  • Microsoft Office Standard Edition 2003
  • Microsoft Office Professional Edition 2003
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Office XP Professional Edition
  • Microsoft Office XP Small Business Edition
  • Microsoft Office XP Standard Edition
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB975539

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com