QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4841

Published: Dec 10, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

oval:org.mitre.oval:def:6050

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_BID

http://www.microsoft.com/technet/security/advisory/960906.mspx

x_refsource_CONFIRM

http://milw0rm.com/sploits/2008-crash.doc.rar

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SREASON

vendor-advisory

x_refsource_MS

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.