Microsoft WordPad Word 97 text converter XST buffer overflow

Added: 04/17/2009
CVE: CVE-2008-4841
BID: 32718
OSVDB: 50567

Background

The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.

Problem

A buffer overflow vulnerability allows command execution when WordPad is used to open a Word 97 file containing a specially crafted XST structure.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-010.

References

http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx

Limitations

Exploit works on Windows 2000 and requires a user to open the exploit file in WordPad.

Platforms

Windows 2000

Back to exploit index