Two new Windows exploits in the Wild | Wordpad Text Converter | Internet Explorer 7 XML Parser



In the wake of a huge patch Tuesday, Microsoft has two new fires to be fighting. There are apparently “limited and targeted” attacks against a flaw with the Text converter component of Wordpad. Affected systems include Windows 2000 SP4, XP up to SP2, Server 2003 SP1 and 2. Vista is not affected Server 2008 is not affected, XP SP3 is not affected. Read on for more on this one (AND the Explorer 0-day)


This particular exploit requires user interaction. So, this one seems to be exploited by sending a specially crafted file as an email attachment. The user clicks to open it and they’re bit.

Computer World has more details.

On the OTHER front – that is Internet Explorer:

Sans is reporting a 0-day vulnerability in the wild for Internet Explorer that affects a fully patched XP system (yes INCLUDING December’s patch Tuesday updates.) The exploit is not in wide use currently, but the source code is available so…. buckle up it’s going to be an interesting month. I wonder if we’ll see them actually break their patch cycle for this one. It would be a GOOD candidate to patch before the holidays.

It looks as though the XML parser is under attack in this one – The attack tests to run on Internet Explorer 7 only on Windows XP or Windows 2003.

They haven’t tested on Internet Explorer 6 or Vista.

   Send article as PDF   

Similar Posts