CVE-2009-0235

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version, including Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2

Description The issue is related to a stack-based buffer overflow in the Word 97 text converter in WordPad, allowing remote attackers to execute arbitrary code via a crafted Word 97 file. This occurs due to the use of inconsistent integer data sizes for an unspecified length field, leading to memory corruption. A remote code execution vulnerability exists in WordPad when a user opens a specially crafted Word file, resulting in memory corruption.

Recommendations For Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of WordPad to open Word 97 files from untrusted sources until a patch is available.