|
SecPod ID: 10088 Microsoft Windows WordPad Text Converter Vulnerability |
Status: Public Report Release Date: 10-12-2008 Severity: Critical CVSS Base Score: 9.7 (AV:N/AC:L/Au:NR/C:P/I:C/A:C) CVSS Temporal Score = 8.2 |
|
Affected Software/OS/Device: - Microsoft Windows 2000 Advanced Server |
Impact Level: Application |
|
OpenVAS Plugin ID: 900065 Snort Signature ID: OVAL ID: |
|
|
Vulnerability Insight:
Overview: Microsoft Windows WordPad is prone to Multiple Vulnerabilities.
Description: This flaw is due to - Unspecified error in the WordPad Text Converter for Word 97 files which can cause memory corruption.
Impact : Successful exploitation will let the attacker execute malicious arbitrary codes in the context of the applications.
CVSS Score Report: ACCESS_VECTOR = NETWORK
Workaround: Do not open untrusted documents using WordPad. Microsoft recommends to upgrade your Windows XP Service Pack 2 to 3 as the vulnerability is not currently exploitable in that environment. Fix: Solution/Patch not available as on 10th December 2008. For further updates refer,
References:
|