CVE-2009-0087

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the patchday that contains the fix for the vulnerability Microsoft Office Word versions prior to the patchday that contains the fix for the vulnerability

Description A remote code execution issue exists in the way that text converters in WordPad and Microsoft Office process memory when a user opens a specially crafted Word 6 file that includes malformed data. This allows remote attackers to execute arbitrary code via a crafted Word 6 file.

Recommendations For Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2, update to a version that includes the patch for this issue. For Microsoft Office Word 2000 SP3 and 2002 SP3, update to a version that includes the patch for this issue. As a temporary workaround, consider restricting the use of the Word 6 text converter in WordPad and Microsoft Office until a patch is available.