MS09-073: Vulnerability in WordPad and Office text converters could allow remote code execution

Microsoft has released security bulletin MS09-073. To view the complete security bulletin, visit one of the following Microsoft Web sites:

• Home users:
  http://www.microsoft.com/security/updates/bulletins/200912.aspx (http://www.microsoft.com/security/updates/bulletins/200912.aspx)
  Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
  http://update.microsoft.com/microsoftupdate/ (http://update.microsoft.com/microsoftupdate/)
• IT professionals:
  http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx (http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx)

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site: North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site: For enterprise customers, support for security updates is available through your usual support contacts.

Known issues and more information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:

Known issues with this security update

• The binary file Msconv97.dll is a shared binary that is used by Windows security update 973904 and Office security updates 975051 or 975008. If Office is installed on your system and if security update 975051 or 975008 is also installed, both Windows security update 973904 and Office security update 975051 or 975008 might be reoffered if either of them is uninstalled. In this situation, it is okay to accept the reinstallation of either or both of the uninstalled security updates.
• The Msconv97.dll file has one version number in security update 973904 and another version number in security updates 975051 and 975008. This is expected behavior and does not expose you to risk.
  
  When you install both security update 973904 and security update in 975051 or 975008, the Msconv97.dll file is updated to the Office version of this specific file that has the highest version number. When the Office update is uninstalled, the version may decrease to the version number that is included with the Windows security update.
  
  When an older version of Office is installed, this final version number of the Msconv97.dll file may be earlier than what it was before installation of the security update. This does not expose the system to any risk because this file contains no vulnerabilities that were addressed by this security update. When you open a file that requires a converter, Office will automatically reinstall the version of the file that was present before you installed any of the security updates that are referenced by security bulletin MS09-073.