Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567
The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.
A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.
Apply the patch referenced in Microsoft Security Bulletin 09-010.
<http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx>
Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.
Windows 2000