HTTP: Microsoft WordPad and Office Text converter Integer Overflow
his signature detects attempts to exploit a known integer overflow vulnerability in Microsoft WordPad and Office Text converter. It is due to lack of input validation while parsing specially crafted Word 97 documents. Remote attackers can exploit this by enticing a target user to open a malicious Word 97 document, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a successful code injection attack, the behaviour of the target is dependent on the intention of the malicious code. In an unsuccessful attack, the application can terminate as a result of invalid memory access.
Extended Description
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
Short Name
HTTP:STC:DL:WORD-CONV-INT-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-2506 Integer Microsoft Office Overflow Text WordPad and bid:37216 converter
Release Date
10/14/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
CVSS Score
9.3