In the wake of a huge patch Tuesday, Microsoft has two new fires to be fighting. There are apparently “limited and targeted” attacks against a flaw with the Text converter component of Wordpad. Affected systems include Windows 2000 SP4, XP up to SP2, Server 2003 SP1 and 2. Vista is not affected Server 2008 is not affected, XP SP3 is not affected. Read on for more on this one (AND the Explorer 0-day)
Tag: 0-day
-
How much is a 0-day vulnerability worth?
ZDnet has this article today of an ebay auction for information on a Microsoft Excel vulnerability that the auction-seller had notified Microsoft of.
An online auction of a “brand new vulnerability” in Microsoft Excel had reached about $60 when eBay pulled the item late Thursday.
A seller using the name “fearwall” started the auction Wednesday evening at 1 cent. It was up to $56 on Thursday afternoon with 21 bids placed, and eBay quashed the auction soon after that.