Two new Windows exploits in the Wild | Wordpad Text Converter | Internet Explorer 7 XML Parser



In the wake of a huge patch Tuesday, Microsoft has two new fires to be fighting. There are apparently “limited and targeted” attacks against a flaw with the Text converter component of Wordpad. Affected systems include Windows 2000 SP4, XP up to SP2, Server 2003 SP1 and 2. Vista is not affected Server 2008 is not affected, XP SP3 is not affected. Read on for more on this one (AND the Explorer 0-day)


This particular exploit requires user interaction. So, this one seems to be exploited by sending a specially crafted file as an email attachment. The user clicks to open it and they’re bit.

Computer World has more details.

On the OTHER front – that is Internet Explorer:

Sans is reporting a 0-day vulnerability in the wild for Internet Explorer that affects a fully patched XP system (yes INCLUDING December’s patch Tuesday updates.) The exploit is not in wide use currently, but the source code is available so…. buckle up it’s going to be an interesting month. I wonder if we’ll see them actually break their patch cycle for this one. It would be a GOOD candidate to patch before the holidays.

It looks as though the XML parser is under attack in this one – The attack tests to run on Internet Explorer 7 only on Windows XP or Windows 2003.

They haven’t tested on Internet Explorer 6 or Vista.

Related Posts

Blog Traffic Exchange Related Posts
  • 7 Updates coming from Microsoft in July We can expect 7 updates next week from Microsoft on the monthly patch day for July. Four of the updates will be for Windows, and 3 for Microsoft Office. There will be at least one critical update for each. It's expected that we'll see an update for the Excel issues......
  • Other MS patch news as well as a Yahoo vulnerability? Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS... "this is a DoS only issue that was not addressed in......
  • Microsoft Releasing out of Cycle Patch for Internet Explorer Exploit Take a look at the official announcement. They've moved outside the usual update cycle for this one. VERY good move Microsoft to get this patch in before the holidays as it looks as though there's been a spike in the use of this particular exploit and with people doing a......
Blog Traffic Exchange Related Websites
  • Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
  • Steadfast Finances was Hacked, Now Restored. (Thanks HostGator!) Last week, several lines of "seemingly malicious code" found its way into SF's theme. This prompted Google, Firefox, Google Chrome and even Twitter, to quickly label this blog as a "Reported Attack Site". If you happened to visit SF from the RSS feed, the email subscriber list, or basically clicked......
  • How Good Is Your Browser For HTML5? As the next major revision to HTML language is in progress - called HTML 5, leading browsers already started incorporating some of the features proposed in this standard. HTML5 provides array of tools to fulfill the needs of modern multimedia-rich web applications. With all the hype surrounding HTML5, no wonder......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site