Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A4E8DF73E4BB34F138CAF816855D1EB2
HistoryApr 17, 2009 - 12:00 a.m.

Microsoft WordPad Word 97 text converter XST buffer overflow

2009-04-1700:00:00
SAINT Corporation
my.saintcorporation.com
11

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.7%

JSON

Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567

Background

The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.

Problem

A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-010.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx&gt;

Limitations

Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.

Platforms

Windows 2000

Related

checkpoint_advisories 1
nvd 2
cvelist 2
seebug 1
saint 3
mskb 1
prion 2
cve 2
cert 1
ubuntucve 1
securityvulns 2
openvas 2
nessus 1
checkpoint_advisories
checkpoint_advisories
Microsoft WordPad Word 97 Text Converter List Structure Stack Overflow (MS09-010; CVE-2008-4841)
2009-04-14 00:00:00
nvd
nvd
CVE-2008-4841
2008-12-10 14:00:01
CVE-2009-0259
2009-01-22 23:30:04
cvelist
cvelist
CVE-2008-4841
2008-12-10 13:33:00
CVE-2009-0259
2009-01-22 23:00:00
seebug
seebug
Microsoftε†™ε­—ζΏζ–‡δ»Άθ½¬ζ’ε™¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2008-12-11 00:00:00
saint
saint
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-17 00:00:00
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-17 00:00:00
Microsoft WordPad Word 97 text converter XST buffer overflow
2009-04-17 00:00:00
mskb
mskb
MS09-010: Description of the update for Windows WordPad Converter: April 14, 2009
2018-04-17 00:00:00
prion
prion
Memory corruption
2008-12-10 14:00:00
Memory corruption
2009-01-22 23:30:00
cve
cve
CVE-2008-4841
2008-12-10 14:00:01
CVE-2009-0259
2009-01-22 23:30:04
cert
cert
Microsoft WordPad Text Converter vulnerable to remote code execution
2008-12-11 00:00:00
ubuntucve
ubuntucve
CVE-2009-0259
2009-01-22 00:00:00
securityvulns
securityvulns
Microsoft Wordpad / Microsoft Works multiple security vulnerabilities
2009-06-10 00:00:00
Microsoft Security Bulletin MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution &#40;960477&#41;
2009-04-14 00:00:00
openvas
openvas
WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
2008-12-12 00:00:00
WordPad and Office Text Converter Memory Corruption Vulnerability (960477)
2008-12-12 00:00:00
nessus
nessus
MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
2009-04-15 00:00:00

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.7%

JSON
Related for SAINT:A4E8DF73E4BB34F138CAF816855D1EB2
checkpoint_advisories1nvd2cvelist2seebug1saint3mskb1prion2cve2cert1ubuntucve1securityvulns2openvas2nessus1