Strike ID:
E09-07301
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2009

Description

This strike exploits a vulnerability in Microsoft Office Wordpad and Text Converter which can be viewed in Microsoft Office 2003. This overflow happens because the dictionary property of this document is not properly validate the NumEntries field which is used to calculate a heap buffer size by multiplying it with 12. A crafted NumEntries value of larger than 0x155555 would overflow the 4-byte integer and result in a small heap buffer. This field is then used in a process to copy data to the heap buffer, resulting in the buffer being overwritten.

CVE

MSB

BID