
IE & WordPad Zero Day In-The-Wild

IE XML Parsing Remote Buffer OverFlow Exploit [Read Shadowserver Diary]

As many of you have seen, there is a new 0-day exploit in the wild affecting Internet Explorer 7 users. The exploit is being actively used, and the flaw was not patched yesterday (meaning there is no patch available yet). Visiting a website with this exploit can result in a full compromise of an affected system. Currently most of the exploits out there will attempt to download a trojan onto the system.

Recommendation: Do NOT use IE until a patch is available.

Reference: ISC Diary; SecmaniacBlog

PoC: 7403 ; 7410

oooOOooo

Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution 

Recommendation: Do not use WordPad to open files with .doc, .wri, or .rtf extensions that you receive from untrusted sources or receive unexpectedly from trusted sources. This vulnerability could be exploited when using WordPad to open a specially crafted file. We also recommend customers using Windows XP to upgrade to Windows XP Service Pack 3, which is not affected. 

Affected Systems: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2; Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2; Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems; Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2

Reference: MS Advisory; CVE-2008-4841; Secunia Advisories; Security Focus

PoC: 6560 ; 31399


  1. S. Joblard
    December 11, 2008 at 10:38 am

    Just to inform you that Microsoft Word 2008 on Mac is also affected by the WordPad vulnerability.

    Mac Users pay attention…
