Date: 18 December 2008
References: ESB-2008.0950 AU-2008.0024
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2008.0125 -- AUSCERT ALERT
[Win]
A vulnerability has been identified in Microsoft Windows
WordPad Text Converter
18 December 2008
===========================================================================
AusCERT Alert Summary
---------------------
Product: Microsoft Windows WordPad Text Converter
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2008-4841
Member content until: Thursday, January 08 2009
Revision History: December 18 2008: Mitigation updated
December 15 2008: Added CVE
December 11 2008: Initial Release
OVERVIEW:
A vulnerability has been identified in Microsoft Windows WordPad
Text Converter for Word 97 files. [1]
IMPACT:
This vulnerability could potentially allow attackers to execute
arbitrary code through specially crafted Word documents. [1]
MITIGATION:
While a patch has not been released at the time of this publication,
it is recommended that users do not open untrusted documents using
WordPad. A workaround has been provided by the vendor, which requires
the WordPad Text Converter for Word 97 to be disabled. For information
regarding this workaround, please see the Microsoft Security
Advisory. [1] For users of Windows XP Service Pack 2 the vendor
recommends upgrading to Service Pack 3 as it is unaffected by this
vulnerability. Additionally, Windows Vista and Windows Server 2008 are
unaffected. [1]
REFERENCES:
[1] Microsoft Security Advisory (960906) Vulnerability in WordPad
Text Converter Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/960906.mspx
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSUmwZih9+71yA2DNAQJdVQQAhV2JkDGZsVBBYkdRDtePjRb9Z1j5Wz+R
9odMfsqyi1N/npGEb62jVY/BJLzeLhymQjTTgExOuofexwBpZBRS17iu2+i9tRpW
aK1kuIxHYdA2l1zNxpO2daiWqP4lRE5iGDBJlBoTarOCKi2JVUdcHIM6PoFb0Qrg
rmYYjHcPdYo=
=IfWQ
-----END PGP SIGNATURE-----
|