CVE-2008-0102 - Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attac

CVE-2008-0102

Summary

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2003:sp2:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 12-10-2018 - 21:44)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-08-18T04:05:57.408-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Shane Shaffer
organization G2, Inc.
name Maria Kedovskaya
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT

definition_extensions

comment Microsoft Publisher 2000 is installed
oval oval:org.mitre.oval:def:427
comment Microsoft Publisher 2002 is installed
oval oval:org.mitre.oval:def:734
comment Microsoft Publisher 2003 is installed
oval oval:org.mitre.oval:def:239

description

family

windows

oval:org.mitre.oval:def:5305

status

accepted

submitted

2008-02-12T17:59:01

title

Publisher Invalid Memory Reference Vulnerability

version

refmap via4

bid	27739
cert	TA08-043C
hp	HPSBST02314 SSRT080016
sectrack	1019376
secunia	28906
vupen	ADV-2008-0514

Last major update

12-10-2018 - 21:44

Published

12-02-2008 - 23:00

Last modified

12-10-2018 - 21:44