CVE-2008-4841

Exp

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.

公开: 2008-12-10 最后更新: 2026-06-16 分配方: [email protected] 来源: [email protected]

结论预警: CVE-2008-4841 综合评估为高可利用风险(81.7/100):CVSS 技术影响为严重级,利用概率偏高(EPSS 43.03%,百分位 99%) 核心证据: 已收录 2 条公开利用参考(Exploit-DB)。 强制指令: 存在公开利用—请排查暴露面、落实缓解措施并优先修补。

风险随态势动态变化;本站持续评估并同步更新本页展示内容。

CVE-2008-4841 的公开 exploit 引用(Exploit-DB)

EDB-ID 来源 类型 公开时间 链接
6560 exploit_db edb 2008-09-25 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

CVE-2008-4841 的 EPSS(利用预测评分)

EPSS 日更估计相对被利用可能性;百分位表示该 CVE 在已评分漏洞中的相对排名(越高表示相对更严重)。

# 日期 旧 EPSS 分数 新 EPSS 分数 变化(新 − 旧)
1 2026-06-15 74.55% 43.03% -31.52%
2 2025-12-28 70.77% 74.55% +3.78%
3 2025-12-27 70.77%

完整 EPSS 历史 (共 27 条)

CVE-2008-4841 的 CVSS 指标

该 CVE 的 CVSS 指标。

底座分 版本 严重度 向量 可利用性 影响 分数来源
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C 点击展开
访问路径 (AV:N)
只要路由可达,即可从远端发起利用。
访问复杂度 (AC:M)
需要若干有利条件,但不至于“千年一遇”。
认证 (AU:N)
全程无需有效身份。
机密性影响 (C:C)
机密性被完全破坏。
完整性影响 (I:C)
完整性被完全破坏。
可用性影响 (A:C)
可用性被完全破坏。
8.6 10.0 [email protected]

CVE-2008-4841 的弱点枚举

CVE-2008-4841 的 NVD 评估备注

评论: http://www.microsoft.com/technet/security/advisory/960906.mspx Microsoft Security Advisory (960906) Vulnerability in WordPad Text Converter Could Allow Remote Code Execution Published: December 9, 2008 Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed. Customers who believe that they have been attacked can obtain security support at Get security support and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at Internet Crime Complaint Center. Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home. Mitigating Factors: • This issue does not affect Windows XP Service Pack 3, Windows Vista, and Windows Server 2008. • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. • The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message. • When Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter.

CVE-2008-4841 的影响软件 / 配置

厂商 产品 版本 原始 CPE
microsoft wordpad cpe:2.3:a:microsoft:wordpad:*:*:*:*:*:*:*:*
microsoft wordpad unknown cpe:2.3:a:microsoft:wordpad:unknown:*:*:*:*:*:*:*

CVE-2008-4841 的参考链接

cvelogic Threat Intelligence