CVE-2008-4841

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the patchday that contains the fix for this issue

Description A remote code execution issue exists in the way that Microsoft WordPad processes memory when parsing a specially crafted Word 97 document. This could allow remote code execution if a user opens a specially crafted Word file that includes a malformed list structure. The issue has been exploited in the wild.

Recommendations As a temporary workaround, consider disabling the WordPad Text Converter for Word 97 files until a patch is available. Restrict access to Word 97 files to minimize the risk of exploitation. Avoid using WordPad to open untrusted Word 97 documents until the issue is resolved.