9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.874 High
EPSS
Percentile
98.3%
Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567
The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.
A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.
Apply the patch referenced in Microsoft Security Bulletin 09-010.
<http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx>
Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.
Windows 2000