CVE-2008-4841

EXPLOITED IN THE WILD

Microsoft WordPad - Remote Code Execution via Crafted Word 97 File


Exploitation Summary

CVE-2008-4841 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including securfrog.

AI-analyzed exploit summary: The provided entry references an external download for a WordPad .doc file PoC but contains no actual exploit code or technical details. It relies on an off-site RAR file, which is a common tactic for suspicious or malicious repositories.

Description

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.

Exploits (1)

exploitdb SUSPICIOUS VERIFIED
by securfrog · text · dos · windows
https://www.exploit-db.com/exploits/6560


Classification: Suspicious 90%
Attack Type: DoS
Complexity: Theoretical
Reliability: Theoretical
Target: Microsoft Windows Wordpad
No auth needed
Prerequisites: Access to the external download link
devstral-2 · analyzed Feb 18, 2026

References (13)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6560
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32718
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32997
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3390
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31399
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021376
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4711
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1024

Scores

EPSS 0.7455
EPSS Percentile 98.9%

Details

VulnCheck KEV 2008-12-10
InTheWild.io 2019-02-26
CWE CWE-399
Status published
Products (2)
microsoft/wordpad
microsoft/wordpad unknown
Published Dec 10, 2008
Tracked Since Feb 18, 2026