CVE-2008-4841 Information

Feb 14, 2021 cve

Description

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4 XP SP2 and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc (2) .wri or (3) .rtf Word 97 file that triggers memory corruption as exploited in the wild in December 2008. NOTE: As of 20081210 it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example but there are insufficient details to be sure.

Reference

http://milw0rm.com/sploits/2008-crash.doc.rar http://secunia.com/advisories/32997 http://securityreason.com/securityalert/4711 http://securitytracker.com/id?1021376 http://www.microsoft.com/technet/security/advisory/960906.mspx http://www.securityfocus.com/bid/31399 http://www.securityfocus.com/bid/32718 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2008/3390 http://www.vupen.com/english/advisories/2009/1024 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6050 https://www.exploit-db.com/exploits/6560

Share on: