|
|
CVE Reference: CVE-2008-4841 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4841 |
|
|
Description: The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. |
|
|
CVE Status: Candidate |
|
|
References: ST 1021376 SREASON http://securityreason.com/securityalert/4711 SAID Secunia Advisory: SA32997 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6050 MS http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx MISC http://milw0rm.com/sploits/2008-crash.doc.rar MILW0RM http://www.milw0rm.com/exploits/6560 CONFIRM http://www.microsoft.com/technet/security/advisory/960906.mspx CERT http://www.us-cert.gov/cas/techalerts/TA09-104A.html BID 32718 31399 |
|
| Return to the previous page. |
