ID CVE-2008-4841
Summary The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:wordpad
  • cpe:2.3:a:microsoft:wordpad:unknown
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
CVSS
Base: 9.3 (as of 11-12-2008 - 10:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
exploit-db via4
description MS Windows Wordpad .doc File Local Denial of Service PoC. CVE-2008-4841,CVE-2009-0259. Dos exploit for windows platform
file exploits/windows/dos/6560.txt
id EDB-ID:6560
last seen 2016-02-01
modified 2008-09-25
platform windows
port
published 2008-09-25
reporter securfrog
source https://www.exploit-db.com/download/6560/
title Microsoft Windows Wordpad - .doc File Local Denial of Service PoC
type dos
msbulletin via4
bulletin_id MS09-010
bulletin_url
date 2009-04-14T00:00:00
impact Remote Code Execution
knowledgebase_id 960477
knowledgebase_url
severity Critical
title Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS09-010.NASL
description The remote host contains a version of the Microsoft WordPad and/or Microsoft Office text converters that could allow remote code execution if a specially crafted file is opened.
last seen 2019-02-21
modified 2018-11-15
plugin id 36148
published 2009-04-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=36148
title MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
oval via4
accepted 2014-06-30T04:11:13.782-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Brendan Miles
    organization The MITRE Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
description The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
family windows
id oval:org.mitre.oval:def:6050
status accepted
submitted 2009-04-14T16:00:00
title WordPad Word 97 Text Converter Stack Overflow Vulnerability
version 25
refmap via4
bid
  • 31399
  • 32718
cert TA09-104A
confirm http://www.microsoft.com/technet/security/advisory/960906.mspx
exploit-db 6560
misc http://milw0rm.com/sploits/2008-crash.doc.rar
ms MS09-010
sectrack 1021376
secunia 32997
sreason 4711
vupen
  • ADV-2008-3390
  • ADV-2009-1024
saint via4
bid 32718
description Microsoft WordPad Word 97 text converter XST buffer overflow
id win_patch_word97
osvdb 50567
title ms_wordpad_word97_conv_xst
type client
Last major update 07-03-2011 - 22:13
Published 10-12-2008 - 09:00
Last modified 12-10-2018 - 17:49