Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4841

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4841
Last Modified 07 Mar 2011 10:13:22
Published 10 Dec 2008 09:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4841

Summary

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.

Vulnerable Systems

Application

  • Microsoft Wordpad

  • Microsoft Wordpad Unknown


References

CERT - TA09-104A

VUPEN - ADV-2009-1024

VUPEN - ADV-2008-3390

BID - 32718

BID - 31399

MILW0RM - 6560

MS - MS09-010

CONFIRM - http://www.microsoft.com/technet/security/advisory/960906.mspx

SECTRACK - 1021376

SREASON - 4711

SECUNIA - 32997

MISC - http://milw0rm.com/sploits/2008-crash.doc.rar


Last Updated: 27 May 2016 10:48:38