Article ID: 975539 - Last Review: May 8, 2012 - Revision: 3.0

MS09-073: Vulnerability in WordPad and Office text converters could allow remote code execution

INTRODUCTION

Microsoft has released security bulletin MS09-073. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update (http://support.microsoft.com/ph/6527)

Security solutions for IT professionals: TechNet Security Troubleshooting and Support (http://technet.microsoft.com/security/bb980617.aspx)

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center (http://support.microsoft.com/contactus/cu_sc_virsec_master)

Local support according to your country: International Support (http://support.microsoft.com/common/international.aspx)

MORE INFORMATION

Known issues and more information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:
975008 (http://support.microsoft.com/kb/975008/) MS09-073: Description of the security update for Office XP: December 8, 2009
975051 (http://support.microsoft.com/kb/975051/) MS09-073: Description of the security update for Office 2003: December 8, 2009
974882 (http://support.microsoft.com/kb/974882/) MS09-073: Description of the security update for the Office 2003 File Converter Pack: December 8, 2009
973904 (http://support.microsoft.com/kb/973904/) MS09-073: Description of the security update for Windows XP, Windows 2000, Windows Server 2003: December 8, 2009
977304 (http://support.microsoft.com/kb/977304/) MS08-073: Description of the security update for Microsoft Works 8: December 8, 2009

Known issues with this security update

  • The binary file Msconv97.dll is a shared binary that is used by Windows security update 973904 and Office security updates 975051 or 975008. If Office is installed on your system and if security update 975051 or 975008 is also installed, both Windows security update 973904 and Office security update 975051 or 975008 might be reoffered if either of them is uninstalled. In this situation, it is okay to accept the reinstallation of either or both of the uninstalled security updates.
  • The Msconv97.dll file has one version number in security update 973904 and another version number in security updates 975051 and 975008. This is expected behavior and does not expose you to risk.

    When you install both security update 973904 and security update 975051 or 975008, the Msconv97.dll file is updated to the Office version of this file, which has the highest version number. When the Office update is uninstalled, the version may decrease to the version number that is included with the Windows security update.

    When an older version of Office is installed, this final version number of the Msconv97.dll file may be earlier than what it was before installation of the security update. This does not expose the system to any risk because this file contains no vulnerabilities that were addressed by this security update. When you open a file that requires a converter, Office will automatically reinstall the version of the file that was present before you installed any of the security updates that are referenced by security bulletin MS09-073.

APPLIES TO
  • Microsoft Office Basic Edition 2003
  • Microsoft Office Standard Edition 2003
  • Microsoft Office Professional Edition 2003
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Office XP Professional Edition
  • Microsoft Office XP Small Business Edition
  • Microsoft Office XP Standard Edition