This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature will detect attempts to exploit a Remote Code Execution in Wordpad.
Microsoft WordPad Text Converter is installed by default to facilitate the opening of Word documents by some applications, even if Word isn't installed.
Microsoft WordPad Text Converter is prone to a remote memory-corruption vulnerability because the software fails to properly parse specially crafted fields contained in a Word 97 file.
An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file using the affected application.
Successful exploits will allow the attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.
The vendor has released an advisory and updates. Please see the references for details.