In association with heise online

25 June 2008, 10:41

Exploits appear for holes in MS Word and WordPad

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Demo exploits have been released for as yet unpatched vulnerabilities in Microsoft Word and WordPad which cause the programs to crash. In his advisory, exploit author Ivan Sanchez claims that he was able to reproduce the vulnerability in Word with Office 2000 and 2003 under Windows XP with SP2 and SP3. The vulnerability is said to be caused by the flawed processing of unordered lists. No details are available about the hole in WordPad, which is said to affect version 5.1 under XP with SP2 and SP3. Other product versions are also likely to be affected.

Sanchez suspects that attackers may also be able to exploit the two vulnerabilities to inject and execute arbitrary malicious code. In addition, he warns that the hole is currently being exploited actively but gives no further details. WordPad is part of the standard Windows installation. Until Microsoft has released patches users are advised not to trust DOC files from unknown sources even if they have installed all the previous updates.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit