Lucene search

K
saintSAINT CorporationSAINT:A4E8DF73E4BB34F138CAF816855D1EB2
HistoryApr 17, 2009 - 12:00 a.m.

Microsoft WordPad Word 97 text converter XST buffer overflow

2009-04-1700:00:00
SAINT Corporation
my.saintcorporation.com
11

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.897 High

EPSS

Percentile

98.8%

Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567

Background

The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.

Problem

A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-010.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx&gt;

Limitations

Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.

Platforms

Windows 2000

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.897 High

EPSS

Percentile

98.8%