MS09-073: Vulnerability in WordPad and Office text converters could allow remote code execution
Microsoft has released security bulletin MS09-073. To view the complete security bulletin, visit one of the following Microsoft Web sites:
- Home users:Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
- IT professionals:
How to obtain help and support for this security updateHelp installing updates: Support for Microsoft Update
Security solutions for IT professionals: TechNet Security Troubleshooting and Support
Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center
Local support according to your country: International Support
Known issues and more information about this security updateFor more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:
975008 MS09-073: Description of the security update for Office XP: December 8, 2009
975051 MS09-073: Description of the security update for Office 2003: December 8, 2009
974882 MS09-073: Description of the security update for the Office 2003 File Converter Pack: December 8, 2009
973904 MS09-073: Description of the security update for Windows XP, Windows 2000, Windows Server 2003: December 8, 2009
977304 MS08-073: Description of the security update for Microsoft Works 8: December 8, 2009
Known issues with this security update
- The binary file Msconv97.dll is a shared binary that is used by Windows security update 973904 and Office security updates 975051 or 975008. If Office is installed on your system and if security update 975051 or 975008 is also installed, both Windows security update 973904 and Office security update 975051 or 975008 might be reoffered if either of them is uninstalled. In this situation, it is okay to accept the reinstallation of either or both of the uninstalled security updates.
- The Msconv97.dll file has one version number in security update 973904 and another version number in security updates 975051 and 975008. This is expected behavior and does not expose you to risk.
When you install both security update 973904 and security update in 975051 or 975008, the Msconv97.dll file is updated to the Office version of this specific file that has the highest version number. When the Office update is uninstalled, the version may decrease to the version number that is included with the Windows security update.
When an older version of Office is installed, this final version number of the Msconv97.dll file may be earlier than what it was before installation of the security update. This does not expose the system to any risk because this file contains no vulnerabilities that were addressed by this security update. When you open a file that requires a converter, Office will automatically reinstall the version of the file that was present before you installed any of the security updates that are referenced by security bulletin MS09-073.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
رقم الموضوع: 975539 - آخر مراجعة: 05/08/2012 22:06:00 - المراجعة: 3.0
Microsoft Office Basic Edition 2003, Microsoft Office Standard Edition 2003, Microsoft Office Professional Edition 2003, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Office XP Professional Edition, Microsoft Office XP Small Business Edition, Microsoft Office XP Standard Edition
- atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB975539