IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Microsoft Works Converter

June 11, 2009

The Information-technology Promotion Agency (IPA, Chairman Koji Nishigaki) issued a security alert on June 11, 2009 concerning a security vulnerability in “Microsoft Works Converter”.
When a user views a crafted document file, obtained via a web browser or an e-mail message, with “Microsoft Office” or “Microsoft Works”, arbitrary code may be executed.
If exploited, the computer may come under the control of an attacker with malicious intent. Involuntary operations may occur, such as the execution of unintended programs, the deletion of files, and the installation of malicious tools such as viruses and bots.
To fix this vulnerability, update to the fixed version supplied by the vendor.

1.Overview

“Microsoft Works Converter”, provided by Microsoft Corporation, allows users to view wps files with “Microsoft Office” and “Microsoft Works”. “Microsoft Works Converter” is provided within “Microsoft Office” and “Microsoft Works”, and is widely used in Japan.

A buffer overflow vulnerability exists in “Microsoft Works Converter” and may be triggered while it processes wps files. If this vulnerability is exploited, arbitrary code may be executed on computers on which “Microsoft Works Converter” is installed.

This security alert was issued because of the large scale of the vulnerability's impact, and because many domestic users are judged to be affected given how widely “Microsoft Office” and “Microsoft Works” are used.

For detailed information, refer to the URL below:
http://www.microsoft.com/technet/security/bulletin/MS09-024.mspx

For the latest information, refer to the URL below:
http://jvndb.jvn.jp/jvndb/JVNDB-2009-000039

The IPA first received a report concerning this vulnerability from the reporter credited below on August 13, 2007. The JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, coordinated with the vendor, and the announcement was made public on June 11, 2009.
Credit: Yuji Ukai, Fourteenforty Research Institute, Inc.

2.Impact

If a user views a crafted document file with “Microsoft Office” or “Microsoft Works”, systems may be destroyed or infected by viruses or bots. Consequently, the computer may come under the control of an attacker with malicious intent.

3.Solution

To fix this vulnerability, update to the fixed version supplied by the vendor.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9) ■ Medium (4.0~6.9) □ High (7.0~10.0)
CVSS base score: 6.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High ■ Medium □ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None ■ Partial □ Complete
I:Integrity Impact □ None ■ Partial □ Complete
A:Availability Impact □ None ■ Partial □ Complete

■:Selected Values

5.CWE Type

This vulnerability has been CWE classified as “Failure to Constrain Operations within the Bounds of the Memory Buffer (buffer error) (CWE-119)”.

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: