To exploit the vulnerability, an attacker must convince a user to open a malicious Word 97 file using WordPad. The attacker would likely provide the file as part of an e-mail message or by hosting it on a website, and may use social engineering tactics, such as links in a crafted e-mail message or other form of messaging, to convince users to open the file or visit the malicious website. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user holds Administrator privileges, the attacker could gain complete control over the affected system.
If Microsoft Word is installed on the system, Word 97 documents are opened with Word by default. To have WordPad open the malicious file instead, the attacker must rename the file to have a Windows Write (.wri) extension.
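The renaming step above leaves a detectable mismatch: a file named .wri whose content is an OLE2 compound file, the container used by Word 97 documents, rather than a Windows Write file. The following Python sketch is an added example, not code from Cisco or Microsoft; it flags such files in a directory tree (for example, quarantined attachments), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# OLE2 compound file signature: the container format of Word 97-2003 documents.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Windows Write header identifier (0xBE31, or 0xBE32 with OLE objects), little-endian.
WRITE_MAGICS = (b"\x31\xbe", b"\x32\xbe")

def classify_wri(path):
    """Return 'ole2-in-wri', 'write' or 'unknown' based on the file header."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head == OLE2_MAGIC:
        return "ole2-in-wri"
    if head[:2] in WRITE_MAGICS:
        return "write"
    return "unknown"

def find_suspect_wri(root):
    """Walk root and return .wri files whose content is an OLE2 container."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".wri"):
                continue
            full = os.path.join(dirpath, name)
            try:
                if classify_wri(full) == "ole2-in-wri":
                    hits.append(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)

def build_sample_tree(root):
    """Write constructed sample files (headers only, no document content)."""
    samples = {
        "invoice.wri": OLE2_MAGIC + b"\x00" * 504,               # mismatch: flag
        "notes.WRI": b"\x31\xbe\x00\x00\x00\xab" + b"\x00" * 122,  # genuine Write header
        "report.doc": OLE2_MAGIC + b"\x00" * 504,                # opens in Word: ignore
        "empty.wri": b"",                                        # too short to classify
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_suspect_wri(tmp):
            print("suspect:", path)
```

A hit only shows that the extension and the container disagree; the file still needs antivirus or sandbox analysis to determine whether it is malicious.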
Reports indicate that this vulnerability is actively being exploited, and several antivirus vendors are detecting exploits that install additional malicious code on the targeted system. Other exploits contain a backdoor trojan, which could provide attackers with unauthorized access to vulnerable systems.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the April 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for April 2009
Microsoft has released detailed instructions on disabling Office converters, as well as methods to prevent the inadvertent installation of converters on affected platforms. The information has been released via the Microsoft MSRC Engineering blog and can be found at the following link: MS09-010: Reducing the text converter attack surface
The update from Microsoft corrects this vulnerability by ensuring proper processing of Word 97 files by the text conversion tools.