Two new Windows exploits in the Wild | Wordpad Text Converter | Internet Explorer 7 XML Parser



In the wake of a huge patch Tuesday, Microsoft has two new fires to be fighting. There are apparently “limited and targeted” attacks against a flaw with the Text converter component of Wordpad. Affected systems include Windows 2000 SP4, XP up to SP2, Server 2003 SP1 and 2. Vista is not affected Server 2008 is not affected, XP SP3 is not affected. Read on for more on this one (AND the Explorer 0-day)


This particular exploit requires user interaction. So, this one seems to be exploited by sending a specially crafted file as an email attachment. The user clicks to open it and they’re bit.

Computer World has more details.

On the OTHER front – that is Internet Explorer:

Sans is reporting a 0-day vulnerability in the wild for Internet Explorer that affects a fully patched XP system (yes INCLUDING December’s patch Tuesday updates.) The exploit is not in wide use currently, but the source code is available so…. buckle up it’s going to be an interesting month. I wonder if we’ll see them actually break their patch cycle for this one. It would be a GOOD candidate to patch before the holidays.

It looks as though the XML parser is under attack in this one – The attack tests to run on Internet Explorer 7 only on Windows XP or Windows 2003.

They haven’t tested on Internet Explorer 6 or Vista.

Related Posts

Blog Traffic Exchange Related Posts
  • Another problem with one of the Microsoft Patches... Last month, April, the Microsoft patch cycle had one problem patch that broke certain explorer extensions (most notable some HP software...) This time around it looks like the Flash patch that they distributed has given a few people fits. For starters, yes it's odd for Microsoft to distribute a patch......
  • Remote Tech Support with x11vnc and wrapper script So, the idea is that I wanted something "like" the Ultranvnc Single Click download, only for linux. The main idea being is that if someone is looking for a bit of desktop tech support on linux, we don't need to be giving instructions for 5 different package managers, or source......
  • Microsoft releases official VML patch!! The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that's been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered......
Blog Traffic Exchange Related Websites
  • Download Microsoft Windows 7 RC Hi Folks, Microsoft has released Windows 7 RC. Here's what you need to know: This is pre-release software, so please read the following to get an idea of the risks and key things you need to know before you try the RC. You don't need to rush to get the......
  • Windows Help Center Application Pose Grave Threat to Windows XP/Server 2003 "A new vulnerability has been reported to the general public this morning via the “Full-Disclosure” mailing list, and it is quite troubling", stated by Jonathan Davis, an IT Security Consultant in the Washington DC metro area.  He further stated, "There is a vulnerability that exists in the Windows help center......
  • A Container Garden for Small Spaces If you don't have much room for gardening but love to grow your own flowers or vegetables, try a container garden. You can enjoy growing everything from veggies to trees on a porch, patio or balcony. A wide variety of flowers, vegetables and other plants do very well in containers......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site