CVE-2008-4841

EXPLOITED IN THE WILD

Microsoft Wordpad - Resource Management Error

Title source: rule

Description

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.

Exploits (1)

exploitdb SUSPICIOUS VERIFIED

by securfrog · textdoswindows

https://www.exploit-db.com/exploits/6560

View Code ZIP pw:eip

References (13)

[Exploit] http://milw0rm.com/sploits/2008-crash.doc.rar

[Vendor Advisory] http://secunia.com/advisories/32997

[Vendor Advisory] http://www.microsoft.com/technet/security/advisory/960906.mspx

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA09-104A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31399

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32718

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6560

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1021376

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/3390

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1024

[Third Party Advisory] http://securityreason.com/securityalert/4711

Scores

EPSS 0.7455

EPSS Percentile 98.9%

Details

VulnCheck KEV 2008-12-10

InTheWild.io 2019-02-26

CWE

CWE-399

Status published

Products (2)

microsoft/wordpad

microsoft/wordpad unknown

Published Dec 10, 2008

Tracked Since Feb 18, 2026