10 December, 2008

Microsoft reports a new vulnerability in WordPad Text Converter for Word 97

I suspect this will only impact a very few people, but the threat is real. If you view Word 97 documents in WordPad because you do not have Word installed, and you use one of the following OSs, then you're at risk.
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
Unfortunately, unless you get a Word file in the new .docx format, I don't know how you can easily tell different Word versions apart. If you fit into this category of having a vulnerable system, I would suggest not opening any Word documents sent to you, unless you know very specifically what the user has sent.

If you are unsure of the source, but you still want to open it, at least go through the extra work to make sure it was not created in Word 97. To do this:
  • Right-click the Word file
  • Click Properties
  • Click the Summary tab
  • Scroll down to the Application Name and make sure it does NOT read Microsoft Word 8.0
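The same Application Name check can be scripted when there are many files to triage. The following is an added example, not part of the original post: a Python heuristic that looks at a file's leading bytes and searches it for the Microsoft Word 8.0 string. The function names and sample byte strings are constructed for illustration, and a result of ole2-unconfirmed does not show the file is safe.

```python
import sys

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary Word container
ZIP_MAGIC = b"PK\x03\x04"                        # .docx is a ZIP archive
WORD97_APPNAME = "Microsoft Word 8.0"            # Application Name from the post

def classify(data: bytes) -> str:
    """Return 'docx-zip', 'ole2-word97', 'ole2-unconfirmed' or 'other'."""
    if data.startswith(ZIP_MAGIC):
        return "docx-zip"
    if not data.startswith(OLE2_MAGIC):
        return "other"
    # Assumption: the summary property is stored as an ANSI string; UTF-16LE
    # is tried as well. A plain byte search can miss a fragmented stream.
    needles = (WORD97_APPNAME.encode("ascii"), WORD97_APPNAME.encode("utf-16-le"))
    if any(n in data for n in needles):
        return "ole2-word97"
    return "ole2-unconfirmed"

ADVICE = {
    "docx-zip": "new .docx container (ZIP), not the Word 97 binary format",
    "ole2-word97": "Application Name string found: do not open in WordPad",
    "ole2-unconfirmed": "legacy binary format: check Properties > Summary by hand",
    "other": "not a recognised Word container",
}

# Constructed byte strings for the demo, not real documents.
SAMPLE_WORD97 = OLE2_MAGIC + b"\x00" * 504 + b"Microsoft Word 8.0\x00"
SAMPLE_LEGACY = OLE2_MAGIC + b"\x00" * 504 + b"Microsoft Office Word\x00"
SAMPLE_DOCX = ZIP_MAGIC + b"[Content_Types].xml"

def check_file(path: str) -> str:
    """Classify a file on disk by reading its raw bytes."""
    with open(path, "rb") as fh:
        return classify(fh.read())

if __name__ == "__main__":
    for path in sys.argv[1:]:
        kind = check_file(path)
        print(f"{path}: {kind} ({ADVICE[kind]})")
```
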
If you really must open it, find a free Word alternative such as OpenOffice. If you are unable to install an alternative such as OpenOffice and you fear you may open Word 97 documents by mistake, you can always disable the WordPad Text Converter for Word 97 file format.
  • Go to the Command Prompt (Start > Run... > cmd)
  • Enter the following: echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N
Again, this is only a reported vulnerability -- there have not been any reports of systems being compromised due to this as of yet. And this vulnerability should only impact a very few systems -- check the top of this post to validate whether your system is impacted.
