Lucene search

K
saintSAINT CorporationSAINT:A4E8DF73E4BB34F138CAF816855D1EB2
HistoryApr 17, 2009 - 12:00 a.m.

Microsoft WordPad Word 97 text converter XST buffer overflow

2009-04-1700:00:00
SAINT Corporation
my.saintcorporation.com
11

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.7%

Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567

Background

The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.

Problem

A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-010.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx&gt;

Limitations

Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.

Platforms

Windows 2000

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.879 High

EPSS

Percentile

98.7%