ID CVE-2008-4027
Summary Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*
    cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*
    cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS08-072
bulletin_url
date 2008-12-09T00:00:00
impact Remote Code Execution
knowledgebase_id 957173
knowledgebase_url
severity Critical
title Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
oval via4
accepted 2014-06-30T04:11:14.895-04:00
class vulnerability
contributors
  • name Jeff Ito
    organization Secure Elements, Inc.
  • name Sharath S
    organization SecPod Technologies
  • name Pradeep R B
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Word 2000 is installed
    oval oval:org.mitre.oval:def:455
  • comment Microsoft Word 2002 is installed
    oval oval:org.mitre.oval:def:973
  • comment Microsoft Word 2003 is installed
    oval oval:org.mitre.oval:def:475
  • comment Microsoft Word Viewer is installed
    oval oval:org.mitre.oval:def:737
  • comment Microsoft Word 2007 is installed
    oval oval:org.mitre.oval:def:2074
  • comment Microsoft Office Compatibility Pack is installed
    oval oval:org.mitre.oval:def:1853
  • comment Microsoft Outlook 2007 is installed
    oval oval:org.mitre.oval:def:5352
description Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability."
family windows
id oval:org.mitre.oval:def:6098
status accepted
submitted 2008-12-09T13:52:00-05:00
title Word RTF Object Parsing Vulnerability
version 29
refmap via4
bugtraq 20081209 ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
cert TA08-344A
misc
sectrack 1021370
vupen ADV-2008-3384
Last major update 30-10-2018 - 16:25
Published 10-12-2008 - 14:00
Last modified 30-10-2018 - 16:25
Back to Top