Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS09-073: Vulnerability in WordPad and Office text converters could allow remote code execution


View products that this article applies to.

Introduction

Microsoft has released security bulletin MS09-073. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


More information

Known issues and more information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:
975008 MS09-073: Description of the security update for Office XP: December 8, 2009
975051 MS09-073: Description of the security update for Office 2003: December 8, 2009
974882 MS09-073: Description of the security update for the Office 2003 File Converter Pack: December 8, 2009
973904 MS09-073: Description of the security update for Windows XP, Windows 2000, Windows Server 2003: December 8, 2009
977304 MS08-073: Description of the security update for Microsoft Works 8: December 8, 2009

Known issues with this security update

  • The binary file Msconv97.dll is a shared binary that is used by Windows security update 973904 and Office security updates 975051 or 975008. If Office is installed on your system and if security update 975051 or 975008 is also installed, both Windows security update 973904 and Office security update 975051 or 975008 might be reoffered if either of them is uninstalled. In this situation, it is okay to accept the reinstallation of either or both of the uninstalled security updates.
  • The Msconv97.dll file has one version number in security update 973904 and another version number in security updates 975051 and 975008. This is expected behavior and does not expose you to risk.

    When you install both security update 973904 and security update in 975051 or 975008, the Msconv97.dll file is updated to the Office version of this specific file that has the highest version number. When the Office update is uninstalled, the version may decrease to the version number that is included with the Windows security update.

    When an older version of Office is installed, this final version number of the Msconv97.dll file may be earlier than what it was before installation of the security update. This does not expose the system to any risk because this file contains no vulnerabilities that were addressed by this security update. When you open a file that requires a converter, Office will automatically reinstall the version of the file that was present before you installed any of the security updates that are referenced by security bulletin MS09-073.

↑ Back to the top


Keywords: atdownload, kbbug, kbexpertiseinter, kbfix, kbsecbulletin, kbsecurity, kbsecvulnerability, kbsurveynew, KB975539

↑ Back to the top

Article Info
Article ID : 975539
Revision : 3
Created on : 5/8/2012
Published on : 5/8/2012
Exists online : False
Views : 559