Newly found Vulnerabilities 02/18/08:
Public Exploit Code for Microsoft Works Vulnerabilities
We are aware of a publicly available exploit code for vulnerabilities in Microsoft Works 6 File Converter. By convincing a user to open a specially crafted Works file, an attacker may be able to execute arbitrary code on an affected system. This vulnerability was addressed in Microsoft Security Bulletin MS08-011.
We will like to remind users to review Microsoft Security Bulletin MS08-011 and follow bulletin by apply any necessary updates or workarounds. Please view MS08-001 below: If you feel this notice help you or you have any thing to add please leave me your comments
Microsoft Security
Bulletin MS08-011 – Important
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Published: February 12, 2008
Version: 1.0
General Information
Executive Summary
This important security update resolves three privately reported vulnerabilities in the Microsoft Works File Converter. These vulnerabilities could allow remote code execution if a user opens a specially crafted Works (.wps) file with an affected version of Microsoft Office, Microsoft Works, or Microsoft Works Suite. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is an important security update for all supported editions of Microsoft Works Converter. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses these vulnerabilities by replacing the vulnerable version of the Works Converter on a system. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation - Microsoft recommends that customers apply the update immediately.
Known Issues -
Microsoft Knowledge Base Article 947081 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
Affected and Non-Affected Software
The following software has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.
Affected Software
Office Suite and Other Affected Software
Component
Microsoft Works 6 File Converter (KB943973)
Microsoft Office 2003 Service Pack 3
Microsoft Works 6 File Converter (KB943973)
Microsoft Works 8.0
Microsoft Works 6 File Converter (KB943973)
Microsoft Works
Microsoft Works 6 File Converter (KB943973)
Non-Affected Software
Office Suite
Microsoft Works 8.5
Microsoft Works 9.0
Microsoft Works
2007 Microsoft Office System
Microsoft Office 2000
Microsoft Office XP