Published: 2008-12-14T18:15+00:00
Last Updated: 2009-04-26T07:14+00:00
JVNTR-2008-07
Microsoft WordPad Text Converter vulnerable to remote code execution
Overview
The WordPad Text Converter for Word 97 files included in some versions of Windows contains an unspecified error which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Event Information
| Date (UTC) | Description |
| 2009-04-14 22:34 |
Microsoft Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution WordPad Word 97 Text Converter Stack Overflow Vulnerability (MS09-010, CVE-2008-4841) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-010 to address this issue. |
| 2009-04-14 22:34 |
Microsoft Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution WordPad Word 97 Text Converter Stack Overflow Vulnerability (MS09-010, CVE-2008-4841) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-010 to address this issue. |
| 2008-12-11 |
Trend Micro TROJ_MCWORDP.A Exploiting Text Converter Vulnerability (CVE-2008-4841) |
| 2008-12-10 23:55 |
Symantec ThreatCON (1) => (2) The ThreatCon is at level 2. Two previously unknown, unpatched vulnerabilities affecting Microsoft Internet Explorer and Microsoft WordPad are being exploited in the wild. |
| 2008-12-10 11:38 |
SANS Internet Storm Center Microsoft wordpad text converter issue This issue affects the wordpad text converter for word 97 on a number of operating systems. XP SP3, Vista and Server 2008 are not vulnerable. |
| 2008-12-09 20:08 |
Microsoft Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution Advisory published. Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, and Windows Server 2003 SP2. |
| 2008-12-09 10:44 |
Microsoft Security Response Center Blog December 2008 Monthly Bulletin Release In addition, today we've published Microsoft Security Advisory 960906 regarding new reports of a vulnerability in the Wordpad Converter for Word 97 files affecting Windows 2000 SP4, Windows XP SP2 and Windows Server 2003 SP1 and SP2. We are aware of very limited and targeted attacks seeking to exploit this vulnerability. The advisory details workarounds that you can evaluate while we develop a security update for this issue. |
| 2008-12-09 09:44 |
US-CERT Microsoft Releases Security Advisory (960906) US-CERT Current Activity Microsoft has released Security Advisory 960906 to address reports of a vulnerability in the WordPad Text Converter for Word 97 files. The advisory indicates that Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are affected by this vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code or obtain local user rights. Additionally, Microsoft indicates that they are aware of limited and targeted attacks using this vulnerability. |
Other Information
| CVE |
CVE-2008-4841 |