Thursday, December 11, 2008

Vulnerability In Microsoft WordPad

Microsoft has released an advisory on a vulnerability in WordPad. The vulnerability is in the WordPad text converter and could allow remote code execution. It can be exploited by luring a user into opening a specially crafted Word 97 file with WordPad. Microsoft says that it is investigating the issue.

The vulnerability affects Microsoft WordPad on Windows 2000 SP 4, Windows XP SP 2, Windows Server 2003 SP 1 and Windows Server 2003 SP 2. At the moment, no general fix exists. Windows XP users can fix the vulnerability by installing Service Pack 3.

To limit the effects of the vulnerability, avoid opening .doc, .wri or .rtf files of unknown origin.

According to the advisory, the effects can also be limited by disabling the WordPad Text Converter for the Word 97 file format. This is done by running the following command:
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N

The impact of the workaround is described in the advisory.
