CVE-2011-0028

Microsoft WordPad < XP SP2/SP3 & Server 2003 SP2 - RCE

Title source: llm
STIX 2.1

Description

WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12301

Scores

EPSS 0.2360
EPSS Percentile 97.5%

Details

CWE
CWE-94
Status published
Products (2)
microsoft/windows_server_2003
microsoft/windows_xp (2 CPE variants)
Published Apr 13, 2011
Tracked Since Feb 18, 2026