Microsoft reports a new vulnerability in WordPad Text Converter for Word 97

-
I suspect this will only impact a very few people, but the threat is real. If you are viewing Word 97 documents using WordPad, because you do not have Word installed and you use one of the following OSs, then you're at risk.
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 Service Pack 2
Unfortunately, unless you get a Word file in the new .docx, I don't know how you easily tell different Word versions apart. If you fit into this category of having a vulnerable system, I would suggest not opening any Word documents sent to you, unless you know very specifically what the user has sent.

If you are unsure of the source, but you still want to open it, at least go through the extra work to make sure it was not created in Word 97. To do this:
  • Right-click the Word file
  • Click Properties
  • Click the Summary tab
  • Scroll down to the Application Name and make sure it does NOT read Microsoft Word 8.0
If you really must open it, find a free Word alternative such as OpenOffice. If you are unable to install an alternative such as OpenOffice and you fear you may open Word 97 documents by mistake, you can always disable the WordPad Text Converter for Word 97 file format.
  • Go to the Command Prompt (Start >Run... > cmd)
  • Enter the following: echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N
Again, this is only a reported vulnerability -- there has not been any reported systems being compromised as of yet due to this. And, this vulnerability should only impact a very few systems -- check the top of this post to validate whether your system is impacted.

Comments

Post a Comment

Popular posts from this blog

Digital Signatures in PDF Do Not Print

-
Image
Trouble getting the digital signature in a PDF to print? The solution is actually simpler than you might think. With your document open in Adobe Acrobat Reader, click File >> Print. When the Print dialog box opens, look for the "Comments and Forms:" drop-down below the Properties button, located in the upper-right. Click the drop-down and select "Document and Markups." Now print. That's all there is to it.
Read more

Referencing the value of a cell, not its formula

-
Image
In Excel, I will use formulas quite frequently for my analysis. At times I want to reference the resulting value of the formula for comparison or to feed another formula. Unfortunately, if you are doing a comparison, Excel will try to compare the formula instead of the formulas results. Well, turns out there is an easy way to correct this. If you want your formula result to be a number, then use the VALUE function. If you want the formula result to be text, use the TEXT function. Here is the syntax for each: VALUE(text) TEXT(value,format_text) -- The format_text value can be any format from the Category box on the Number tab (in the Format Cells dialog box) except General. Here is an example of each: =VALUE(MID(A2,46,FIND("&",A2)-46)) -- this actually finds a number beginning with the 46th character of a string, and continues until it finds the ampersand character. By wrapping the formula with VALUE, I can now compare the number to other numbers in my looku
Read more

CorelDRAW X4 Crash on Startup

-
I had a fresh install of CorelDRAW X4, and each time I tried to start it, it would crash. After some searching through Google, I found the following fix. Open the folder C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Programs\UIConfig\CorelDRAW Edit DrawUI.xml Find the line <dockpage guidref="bc1e2f70-3b58-41cd-8406-aaa550482972" visible="true" selected="true"> Change visible="false" and remove selected="true" <dockpage guidref="bc1e2f70-3b58-41cd-8406-aaa550482972" visible="false"> Save and close DrawUI.xml Fold down F8 and restart CorelDRAW X4 When prompted to update settings, select OK That did the trick for me. Apparently it is caused by a conflict with MFC dlls that are installed (version 1833) with SQL2008.
Read more