CVE-2008-4841

High PUBLISHED

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute...

Microsoft · Windows

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.3 High

At a Glance

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.

windows
CVE Published
Dec 10, 2008
Exploitation Reported
Dec 10, 2008
CVSS
9.3 High
EPSS
Remote Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • MS09-010 docs.microsoft.com · Vendor Advisory https://docs.microsoft.com/en-us/security-updates/securitybulletins/2...
  • 32997 secunia.com · Third-Party Advisory http://secunia.com/advisories/32997
  • TA09-104A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA09-104A.html
  • 4711 securityreason.com · Third-Party Advisory http://securityreason.com/securityalert/4711
  • 6560 exploit-db.com · Exploit https://www.exploit-db.com/exploits/6560
Show 8 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.