Lucene search
SAINT CorporationSAINT:2A7A4BC8F57EB04B759C3067711B9EEAHistoryApr 17, 2009 - 12:00 a.m.
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-1700:00:00
SAINT Corporation
www.saintcorporation.com
8
0.897 High
EPSS
Percentile
98.8%
Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567
Background
The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.
Problem
A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.
Resolution
Apply the patch referenced in Microsoft Security Bulletin 09-010.
References
<http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx>
Limitations
Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.
Platforms
Windows 2000
Related
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2008-4841
2008-12-10 14:00:01
CVE-2009-0259
2009-01-22 23:30:04
cvelist
cvelist
CVE-2008-4841
2008-12-10 13:33:00
CVE-2009-0259
2009-01-22 23:00:00
seebug
seebug
MicrosoftεεζΏζ仢转ζ’ε¨θΏη¨δ»£η ζ§θ‘ζΌζ΄
2008-12-11 00:00:00
saint
saint
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-17 00:00:00
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-17 00:00:00
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-17 00:00:00
cve
cve
CVE-2008-4841
2008-12-10 14:00:01
CVE-2009-0259
2009-01-22 23:30:04
cert
cert
Microsoft WordPad Text Converter vulnerable to remote code execution
2008-12-11 00:00:00
prion
prion
Memory corruption
2008-12-10 14:00:00
Memory corruption
2009-01-22 23:30:00
mskb
mskb
ubuntucve
ubuntucve
CVE-2009-0259
2009-01-22 00:00:00
openvas
openvas
WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
2008-12-12 00:00:00
WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
2008-12-12 00:00:00
securityvulns
securityvulns
nessus
nessus