http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123100 By Gregg Keizer December 10, 2008 Computerworld On the same day that Microsoft Corp. released its biggest batch of security patches in more than five years, the company also warned Windows users of a critical bug that it didn't get around to fixing. In an advisory posted yesterday, Microsoft said that "limited and targeted" attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. The flawed converter handles Microsoft Word 97 files on Windows 2000 Service Pack 4 (SP4), XP SP2, Server 2003 SP1 and SP2. Newer versions of Windows -- XP SP3, Vista and Server 2008 -- are not vulnerable to the bug, however. WordPad is a basic word processor that has been bundled with Microsoft's operating system since Windows 95. The converter allows people who don't have the company's Word application to open documents in Windows Write, Word 6.0, Word 97, Word 2000 and Word 2002 formats. Microsoft said that the WordPad converter bug requires some help from the user, who must be tricked into actually opening a malicious file -- most likely delivered as an e-mail attachment. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Wed Dec 10 2008 - 22:27:09 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 10 2008 - 22:52:20 PST