Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS09-010: Vulnerability in WordPad and Office text converters could allow remote code execution


View products that this article applies to.

Introduction

Microsoft has released security bulletin MS09-010. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site: North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site: For enterprise customers, support for security updates is available through your usual support contacts.

↑ Back to the top


More information

Known issues with this security update

  • Customers who have applied the workarounds that are listed in security advisory 960906 may experience errors during the installation of this security update. This may cause the update installation to fail. In order to install this security update, you must roll back the workaround before you install this security update. For more information about how to roll back the workaround, click the following article number to view the article in the Microsoft Knowledge Base:
    923561� MS09-010: Description of the update for Windows WordPad Converter: April 14, 2009
  • This security update deploys additional changes to the way that WordPad supports loading of Word 6.0 and Write files.

    By default, Windows XP SP2, Windows XP SP3, Windows Server 2003 SP1, and Windows Server 2003 SP2 operating systems already prevent WordPad from parsing Word 6.0 and Write documents by disabling these text converters. Additionally, this mechanism was deployed on other platforms when security update MS04-041 was installed. On these platforms, when you open a Word for Windows 6.0 document, you receive an error message that resembles the following:
    Can not load Word for Windows 6.0 files
    Write files are parsed as plain text files, but no message is shown. This behavior is described in Microsoft Knowledge Base article 870883. However, it can be disabled by an administrator by using a registry key.

    When you install this security update (security update 960477), this behavior is enforced more strictly. This security update adds a second dialog box so that even if this feature is disabled by using a registry key as described in Microsoft Knowledge Base article 870883, the user receives a warning message that resembles the following before the file is opened:
    Viewing this file format with Wordpad might result in a security risk. More details are available at http://support.microsoft.com/kb/923561 Are you sure you want to view this file in Wordpad?
    We recommend that users use the Word Viewer applications to view older files that can no longer be opened in WordPad. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    891090� How to obtain the latest Word Viewer
    If an administrator requires the Word 6 and Write converters, the EnableLegacyConverters registry entry with a DWORD value of 1 can be used to re-enable the converter. To do this, follow these steps:
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following subkey in the registry:
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad
    3. On the Edit menu, point to New, and then click DWORD Value.
    4. Type EnableLegacyConverters for the name of the DWORD, and then press ENTER.
    5. Right-click EnableLegacyConverters, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. Exit Registry Editor.
    After you set this registry key value, WordPad can open Word 6.0 and Write files. However, the user will still receive the warning message. If the user clicks Yes, WordPad opens the file. If the user clicks No, which is recommended, WordPad exits, and the document does not open.

    An additional registry entry can be used to allow for WordPad to open the files without this additional warning message. We do not recommend that you implement this entry. However, it can be used if user behavior should not change after you install this security update. To do this, add the EnableLegacyConvertersNoPopup registry DWORD with a value of 1 to the following subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad
    This registry entry works only if the EnableLegacyConverters entry is also enabled.

Additional information about this security update

For more information about this security update, and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:
921606� MS09-010: Description of the security update for Office 2000: April 14, 2009
933399� MS09-010: Description of the security update for Office XP: April 14, 2009
960476� MS09-010: Description of the security update for the Office 2003 File Converter Pack: April 14, 2009
923561� MS09-010: Description of the update for Windows WordPad Converter: April 14, 2009

↑ Back to the top


Office file information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

For all supported versions of Office 2000

Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Html32.cnv2003.1100.8165.0321,88830-Apr-200721:12
Msconv97.dll2003.1100.8202.0119,81620-Nov-200702:59
Mswrd632.cnv2003.1100.8245.015,18418-Dec-200800:20
Mswrd832.cnv2003.1100.8200.0219,14405-Nov-200723:43
Wpft532.cnv2003.1100.8161.0188,76823-Mar-200701:27
Wpft632.cnv2003.1100.8166.0226,65610-May-200720:35

For all supported versions of Office XP

Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Html32.cnv2003.1100.8165.0321,88809-Feb-200921:56
Msconv97.dll2003.1100.8202.0119,81609-Feb-200921:56
Mswrd632.cnv2003.1100.8245.015,18409-Feb-200921:56
Mswrd832.cnv2003.1100.8200.0219,14409-Feb-200921:56
Wpft632.cnv2003.1100.8166.0226,65609-Feb-200921:56

For the Office 2003 File Converter Pack

Msconv.msp
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Msconv97.dll2003.1100.8202.0119,81620-Nov-200702:59
Mswrd832.cnv2003.1100.8200.0219,14405-Nov-200723:43
Wpft532.cnv2003.1100.8161.0188,76823-Mar-200701:27
Wpft632.cnv2003.1100.8166.0226,65610-May-200720:35
Ocpgpflt.msp
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Epsimp32.flt2003.1100.8164.0432,48019-Apr-200721:08
Gifimp32.flt2003.1100.8165.0222,04830-Apr-200722:13
Pictim32.flt2003.1100.8161.066,40023-Mar-200702:28
Png32.flt2003.1100.8165.0207,70430-Apr-200722:13
Wpgimp32.flt2003.1100.8202.0136,71220-Nov-200703:59

↑ Back to the top


Windows file information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows 2000 file information

For all supported versions of Microsoft Windows 2000 Service Pack 4


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Mswrd6.wpc10.0.803.10186,88010-Apr-200810:10Not Applicable
Mswrd8.wpc10.0.803.10279,55210-Apr-200810:10Not Applicable
Sp3res.dll5.0.2195.72266,313,47205-Jan-200907:07x86
Sysmain.sdbNot Applicable333,00825-Mar-200902:23Not Applicable
Wordpad.exe5.0.2195.7155187,66430-Apr-200806:08x86
Write.wpc10.0.803.1089,08810-Apr-200810:10Not Applicable

Windows XP and Windows Server 2003 file information

  • The files that apply to a specific milestone (RTM, SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Mswrd8.wpc10.0.803.10279,55221-Apr-200809:56Not ApplicableSP2SP2GDR
Sysmain.sdbNot Applicable1,193,41427-Mar-200907:09Not ApplicableSP2SP2GDR
Wordpad.exe5.1.2600.3355215,55221-Apr-200810:02x86SP2SP2GDR
Xpsp3res.dll5.1.2600.3314351,74415-Feb-200809:06x86SP2SP2GDR
Acadproc.dll5.1.2600.354339,42425-Mar-200905:54x86SP2SP2QFE
Mswrd8.wpc10.0.803.10279,55221-Apr-200809:35Not ApplicableSP2SP2QFE
Sysmain.sdbNot Applicable1,198,44227-Mar-200905:59Not ApplicableSP2SP2QFE
Wordpad.exe5.1.2600.3355215,55221-Apr-200809:26x86SP2SP2QFE
Xpsp3res.dll5.1.2600.3314351,74415-Feb-200809:06x86SP2SP2QFE
Mswrd8.wpc2007.10.31.10279,55221-Apr-200812:20Not ApplicableSP3SP3GDR
Sysmain.sdbNot Applicable1,203,92227-Mar-200906:58Not ApplicableSP3SP3GDR
Wordpad.exe5.1.2600.5584215,55221-Apr-200812:08x86SP3SP3GDR
Xpsp4res.dll5.1.2600.55942,56003-May-200811:55x86SP3SP3GDR
Mswrd8.wpc2007.10.31.10279,55222-Apr-200800:58Not ApplicableSP3SP3QFE
Sysmain.sdbNot Applicable1,203,92227-Mar-200906:33Not ApplicableSP3SP3QFE
Wordpad.exe5.1.2600.5584215,55221-Apr-200812:15x86SP3SP3QFE
Xpsp4res.dll5.1.2600.55942,56003-May-200811:55x86SP3SP3QFE


For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Spupdsvc.exe6.3.4.125,90427-Mar-200919:42x64NoneNot Applicable
Mswrd8.wpc10.0.803.10384,00027-Mar-200919:20Not ApplicableSP1SP1GDR
Sysmain.sdbNot Applicable18,16027-Mar-200919:20Not ApplicableSP1SP1GDR
Wordpad.exe5.2.3790.3129342,52827-Mar-200919:20x64SP1SP1GDR
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:20Not ApplicableSP1SP1GDR\WOW
Wsysmain.sdbNot Applicable1,344,02227-Mar-200919:20Not ApplicableSP1SP1GDR\WOW
Ww03a2409.dll5.2.3790.309029,69627-Mar-200919:20x86SP1SP1GDR\WOW
Wwordpad.exe5.2.3790.3129217,08827-Mar-200919:20x86SP1SP1GDR\WOW
Mswrd8.wpc10.0.803.10384,00027-Mar-200919:20Not ApplicableSP1SP1QFE
Sysmain.sdbNot Applicable18,16027-Mar-200919:20Not ApplicableSP1SP1QFE
Wordpad.exe5.2.3790.3129342,52827-Mar-200919:20x64SP1SP1QFE
Wacgenral.dll5.2.3790.33131,860,60827-Mar-200919:20x86SP1SP1QFE\WOW
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:20Not ApplicableSP1SP1QFE\WOW
Wsysmain.sdbNot Applicable1,348,57027-Mar-200919:20Not ApplicableSP1SP1QFE\WOW
Ww03a2409.dll5.2.3790.309029,69627-Mar-200919:20x86SP1SP1QFE\WOW
Wwordpad.exe5.2.3790.3129217,08827-Mar-200919:20x86SP1SP1QFE\WOW
Mswrd8.wpc10.0.803.10384,00027-Mar-200919:30Not ApplicableSP2SP2GDR
Sysmain.sdbNot Applicable19,47427-Mar-200919:30Not ApplicableSP2SP2GDR
W03a3409.dll5.2.3790.423615,36027-Mar-200919:30x64SP2SP2GDR
Wordpad.exe5.2.3790.4282342,52827-Mar-200919:30x64SP2SP2GDR
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:30Not ApplicableSP2SP2GDR\WOW
Wsysmain.sdbNot Applicable1,359,39427-Mar-200919:30Not ApplicableSP2SP2GDR\WOW
Ww03a3409.dll5.2.3790.423614,84827-Mar-200919:30x86SP2SP2GDR\WOW
Wwordpad.exe5.2.3790.4282217,08827-Mar-200919:30x86SP2SP2GDR\WOW
Mswrd8.wpc10.0.803.10384,00027-Mar-200919:20Not ApplicableSP2SP2QFE
Sysmain.sdbNot Applicable19,83827-Mar-200919:20Not ApplicableSP2SP2QFE
W03a3409.dll5.2.3790.423615,36027-Mar-200919:20x64SP2SP2QFE
Wordpad.exe5.2.3790.4282342,52827-Mar-200919:20x64SP2SP2QFE
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:20Not ApplicableSP2SP2QFE\WOW
Wsysmain.sdbNot Applicable1,359,20627-Mar-200919:20Not ApplicableSP2SP2QFE\WOW
Ww03a3409.dll5.2.3790.423614,84827-Mar-200919:20x86SP2SP2QFE\WOW
Wwordpad.exe5.2.3790.4282217,08827-Mar-200919:20x86SP2SP2QFE\WOW

For all supported x86-based versions of Windows Server 2003

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Spupdsvc.exe6.3.4.123,85601-Mar-200705:47x86NoneNot Applicable
Mswrd8.wpc10.0.803.10279,55229-Apr-200811:10Not ApplicableSP1SP1GDR
Sysmain.sdbNot Applicable1,344,02227-Mar-200908:03Not ApplicableSP1SP1GDR
Wordpad.exe5.2.3790.3129217,08829-Apr-200811:06x86SP1SP1GDR
Acgenral.dll5.2.3790.33131,860,60825-Mar-200908:09x86SP1SP1QFE
Mswrd8.wpc10.0.803.10279,55225-Mar-200921:28Not ApplicableSP1SP1QFE
Sysmain.sdbNot Applicable1,348,57027-Mar-200907:10Not ApplicableSP1SP1QFE
Wordpad.exe5.2.3790.3129217,08829-Apr-200811:06x86SP1SP1QFE
Mswrd8.wpc10.0.803.10279,55229-Apr-200816:38Not ApplicableSP2SP2GDR
Sysmain.sdbNot Applicable1,359,39427-Mar-200907:47Not ApplicableSP2SP2GDR
W03a3409.dll5.2.3790.423614,84814-Feb-200809:51x86SP2SP2GDR
Wordpad.exe5.2.3790.4282217,08829-Apr-200816:47x86SP2SP2GDR
Mswrd8.wpc10.0.803.10279,55229-Apr-200816:45Not ApplicableSP2SP2QFE
Sysmain.sdbNot Applicable1,359,20627-Mar-200907:38Not ApplicableSP2SP2QFE
W03a3409.dll5.2.3790.423614,84814-Feb-200809:51x86SP2SP2QFE
Wordpad.exe5.2.3790.4282217,08829-Apr-200816:35x86SP2SP2QFE

For all supported IA-64-based versions of Windows Server 2003

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Spupdsvc.exe6.3.4.139,72827-Mar-200919:41IA-64NoneNot Applicable
Mswrd8.wpc10.0.803.10733,18427-Mar-200919:20Not ApplicableSP1SP1GDR
Sysmain.sdbNot Applicable18,24027-Mar-200919:20Not ApplicableSP1SP1GDR
Wordpad.exe5.2.3790.3129607,23227-Mar-200919:20IA-64SP1SP1GDR
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:20Not ApplicableSP1SP1GDR\WOW
Wsysmain.sdbNot Applicable1,344,02227-Mar-200919:20Not ApplicableSP1SP1GDR\WOW
Ww03a2409.dll5.2.3790.309029,69627-Mar-200919:20x86SP1SP1GDR\WOW
Wwordpad.exe5.2.3790.3129217,08827-Mar-200919:20x86SP1SP1GDR\WOW
Mswrd8.wpc10.0.803.10733,18427-Mar-200919:20Not ApplicableSP1SP1QFE
Sysmain.sdbNot Applicable18,24027-Mar-200919:20Not ApplicableSP1SP1QFE
Wordpad.exe5.2.3790.3129607,23227-Mar-200919:20IA-64SP1SP1QFE
Wacgenral.dll5.2.3790.33131,860,60827-Mar-200919:20x86SP1SP1QFE\WOW
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:20Not ApplicableSP1SP1QFE\WOW
Wsysmain.sdbNot Applicable1,348,57027-Mar-200919:20Not ApplicableSP1SP1QFE\WOW
Ww03a2409.dll5.2.3790.309029,69627-Mar-200919:20x86SP1SP1QFE\WOW
Wwordpad.exe5.2.3790.3129217,08827-Mar-200919:20x86SP1SP1QFE\WOW
Mswrd8.wpc10.0.803.10733,18427-Mar-200919:25Not ApplicableSP2SP2GDR
Sysmain.sdbNot Applicable19,11827-Mar-200919:25Not ApplicableSP2SP2GDR
W03a3409.dll5.2.3790.423613,82427-Mar-200919:25IA-64SP2SP2GDR
Wordpad.exe5.2.3790.4282607,23227-Mar-200919:25IA-64SP2SP2GDR
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:25Not ApplicableSP2SP2GDR\WOW
Wsysmain.sdbNot Applicable1,359,39427-Mar-200919:25Not ApplicableSP2SP2GDR\WOW
Ww03a3409.dll5.2.3790.423614,84827-Mar-200919:25x86SP2SP2GDR\WOW
Wwordpad.exe5.2.3790.4282217,08827-Mar-200919:25x86SP2SP2GDR\WOW
Mswrd8.wpc10.0.803.10733,18427-Mar-200919:20Not ApplicableSP2SP2QFE
Sysmain.sdbNot Applicable19,48227-Mar-200919:20Not ApplicableSP2SP2QFE
W03a3409.dll5.2.3790.423613,82427-Mar-200919:20IA-64SP2SP2QFE
Wordpad.exe5.2.3790.4282607,23227-Mar-200919:20IA-64SP2SP2QFE
Wmswrd8.wpc10.0.803.10279,55227-Mar-200919:20Not ApplicableSP2SP2QFE\WOW
Wsysmain.sdbNot Applicable1,359,20627-Mar-200919:20Not ApplicableSP2SP2QFE\WOW
Ww03a3409.dll5.2.3790.423614,84827-Mar-200919:20x86SP2SP2QFE\WOW
Wwordpad.exe5.2.3790.4282217,08827-Mar-200919:20x86SP2SP2QFE\WOW

↑ Back to the top


Applies to:

↑ Back to the top

Keywords: kbsecvulnerability, kbsecurity, kbregistry, atdownload, kbbug, kbexpertiseinter, kbfix, kbsecbulletin, kbsurveynew, KB960477

↑ Back to the top

Article Info
Article ID : 960477
Revision : 3
Created on : 4/16/2009
Published on : 4/16/2009
Exists online : False
Views : 653