Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Another Interesting Microsoft 0-day Exploit

Earlier this week Microsoft published a Security Advisory dealing with a remote code execution vulnerability in WordPad that is being actively exploited, though only in a limited capacity at the time of publishing.

How a basic text editor could be vulnerable to a remote code execution flaw is an interesting case. It appears that the problem is with the text converter used to convert Word 97 files to a format appropriate for display in WordPad. This puts it in the same sort of league as antivirus scanning engine vulnerabilities that can be targeted by the very malware that it is trying to detect.

While detailed technical details have yet to be released describing how the vulnerability specifically works, it is believed that there are one or more weak conversion / filtering routines in the text converter that can be targeted with specific Word 97 formatting and from there allow the execution of code in the context of the current user.

Users who are running Windows 2000, XP (Service Pack 2 and earlier), and 2003 are vulnerable to this particular issue and the discovery that there are active attacks targeting this flaw means that there is greater importance in applying special handling to .wri filetypes, filetypes that many had previously considered safe when associated with WordPad.

11 December 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.