CVE-2008-4841

{"id": "CVE-2008-4841", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-12-10T14:00:01.190", "references": [{"url": "http://milw0rm.com/sploits/2008-crash.doc.rar", "tags": ["Exploit"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/32997", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securityreason.com/securityalert/4711", "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1021376", "source": "secure@microsoft.com"}, {"url": "http://www.microsoft.com/technet/security/advisory/960906.mspx", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/31399", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/32718", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/3390", "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1024", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050", "source": "secure@microsoft.com"}, {"url": "https://www.exploit-db.com/exploits/6560", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure."}, {"lang": "es", "value": "El WordPad Text Converter para archivos Word 97 en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo (1) .doc, (2) .wri, o (3) .rtf Word 97 manipulado que provoca una corrupci\u00f3n de memoria, como se ha explotado libremente en Diciembre de 2008. NOTA: desde 10122008, no est\u00e1 claro si esta vulnerabilidad est\u00e1 relacionada con un caso de WordPad descubierto en 25092008 con el ejemplo 2008-crash.doc.rar, pero no hay suficientes detalles para verificarlo."}], "lastModified": "2019-02-26T14:04:01.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:wordpad:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2531DDF2-D2AA-4919-B756-28478AEA5AA3"}, {"criteria": "cpe:2.3:a:microsoft:wordpad:unknown:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD1E9AD-5463-48FD-812B-22E5A5460F09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "http://www.microsoft.com/technet/security/advisory/960906.mspx\r\n\r\n\r\nMicrosoft Security Advisory (960906)\r\nVulnerability in WordPad Text Converter Could Allow Remote Code Execution\r\nPublished: December 9, 2008\r\n\r\nMicrosoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.\r\n\r\nUpon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.\r\n\r\nAt this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.\r\n\r\nWe continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.\r\n\r\nCustomers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center.\r\n\r\nMicrosoft continues to encourage customers to follow the \"Protect Your Computer\" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.\r\n\r\nMitigating Factors:\r\n\u2022\t\r\n\r\nThis issue does not affect Windows XP Service Pack 3, Windows Vista, and Windows Server 2008.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nThe vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.\r\n\u2022\t\r\n\r\nWhen Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter.", "sourceIdentifier": "secure@microsoft.com"}