Title

Microsoft Office Works File Convertor Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a remote code execution vulnerability in Microsoft Office. Microsoft Office Works File Convertor is an optional download that allows Microsoft Office applications to open, edit, and save files in the Works Word Processor file format supported by the Works versions 6, 7, 8, and 9. To exploit this vulnerability, an attacker would entice a user to access a malicious .wps file hosted on a malicious web site or sent via email. If successfully exploited, the attacker would execute arbitrary code and compromise the affected system.At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-028 (2639185). Vulnerable Applications/Systems: Microsoft Office 2007 SP2 Microsoft Works 9 Microsoft Works 6-9 File Converter Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Wkcvqd01.dll Microsoft Office 2007 SP2 - 9.08.1117.0 Microsoft Works 9 - 9.08.1117.0 Microsoft Works 6-9 File Converter - 9.08.1117.0

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-31984

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.