Executive Summary
Summary | |
---|---|
Title | Microsoft WordPad Text Converter vulnerable to remote code execution |
Informations | |||
---|---|---|---|
Name | VU#926676 | First vendor Publication | 2008-12-11 |
Vendor | VU-CERT | Last vendor Modification | 2008-12-11 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#926676Microsoft WordPad Text Converter vulnerable to remote code executionOverviewThe WordPad Text Converter for Word 97 files included in some versions of Windows contains an unspecified error which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionMicrosoft WordPad is a text editor included by default with the Windows operating system. It includes WordPad Text Converters that allow users who do not have Microsoft Word installed to open documents in older file formats, including Microsoft Office Word 97.An unspecified error in the way that the WordPad Text Converter for Word 97 handles files in this format results in memory corruption that could allow an attacker to execute arbitrary code. Microsoft Office Word 97 files may have file extensions such as .doc, .wri, or .rtf. While Microsoft Office Word has the ability to open Office Word 97 files, it is not affected by this vulnerability. However, in the default configuration, Windows will open files having the .wri extension with WordPad. Therefore, it is likely that systems that have Microsoft Office Word installed will still open a malicious Microsoft Office Word 97 document with this extension using the affected WordPad. Disable the WordPad Text Converter for Word 97 file format
References
This document was written by Chad R Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/926676 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6050 | |||
Oval ID: | oval:org.mitre.oval:def:6050 | ||
Title: | WordPad Word 97 Text Converter Stack Overflow Vulnerability | ||
Description: | The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4841 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
SAINT Exploits
Description | Link |
---|---|
Microsoft WordPad Word 97 text converter XST buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-12-12 | Name : WordPad and Office Text Converter Memory Corruption Vulnerability (960477) File : nvt/secpod_ms_wordpad_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50567 | Microsoft Windows WordPad Text Converter Unspecified Memory Corruption |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-16 | IAVM : 2009-A-0032 - Multiple Vulnerabilities in WordPad and Office Text Converters Severity : Category I - VMSKEY : V0018752 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17406 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17405 - Revision : 11 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17404 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office Text Converters XST parsing buffer overfl... RuleID : 15455 - Revision : 9 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : It is possible to execute arbitrary code on the remote Windows host using a t... File : smb_nt_ms09-010.nasl - Type : ACT_GATHER_INFO |