Microsoft Security Advisory announced users that there are two vulnerabilities concerning WordPad and Internet Explorer 7. The security breaches could be used by an attacker to enter the user’s computer and infiltrate malicious code.

Internet Explorer 7’s security issues refer to an XML breakdown that can lead to an overall PC take over by the attacker. The breach can be exploited by inserting malicious code through an infected website. An attacker could easily insert a key-logger, a program which registers every keystroke, in order to obtain passwords and credit card information.

Regarding the WordPad security flaw, Microsoft Security Advisory reported that the issue only applies to 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 operating systems. The Security Advisory stated that Windows XP SP3, Windows Vista and Windows Server 2008 are not affected, as these operating systems don’t contain the vulnerable code. Microsoft issued a disclaimer in which they state that they are investigating the vulnerability. The company also said that there are only a few number of attacks that could use this vulnerability.

The good news is that the WordPad vulnerabilities cannot be exploited automatically. The only way users could be affected is by opening e-mail attachments containing the malicious code, according to the Microsoft Security Advisory.

Microsoft has published several workarounds on its website, even though a patch is expected in a month or so. Senior research manager at Symantec Corporation, Ben Greenbaum, stated that these vulnerabilities are neither reliable for the attacker nor critical to end-users because “they don't even work 50 percent of the time.”