ID |
CVE-2008-4030
|
Summary |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
-
cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*
cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*
cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*
|
CVSS |
Base: | 9.3 (as of 30-10-2018 - 16:25) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS08-072 | bulletin_url | | date | 2008-12-09T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 957173 | knowledgebase_url | | severity | Critical | title | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution |
|
oval
via4
|
accepted | 2014-06-30T04:11:05.227-04:00 | class | vulnerability | contributors | name | Jeff Ito | organization | Secure Elements, Inc. |
name | Sharath S | organization | SecPod Technologies |
name | Pradeep R B | organization | SecPod Technologies |
name | Shane Shaffer | organization | G2, Inc. |
name | Josh Turpin | organization | Symantec Corporation |
name | Sergey Artykhov | organization | ALTX-SOFT |
name | Maria Mikhno | organization | ALTX-SOFT |
| definition_extensions | comment | Microsoft Word 2000 is installed | oval | oval:org.mitre.oval:def:455 |
comment | Microsoft Word 2002 is installed | oval | oval:org.mitre.oval:def:973 |
comment | Microsoft Word 2003 is installed | oval | oval:org.mitre.oval:def:475 |
comment | Microsoft Word Viewer is installed | oval | oval:org.mitre.oval:def:737 |
comment | Microsoft Word 2007 is installed | oval | oval:org.mitre.oval:def:2074 |
comment | Microsoft Office Compatibility Pack is installed | oval | oval:org.mitre.oval:def:1853 |
comment | Microsoft Outlook 2007 is installed | oval | oval:org.mitre.oval:def:5352 |
| description | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. | family | windows | id | oval:org.mitre.oval:def:5737 | status | accepted | submitted | 2008-12-09T13:52:00-05:00 | title | Word RTF Object Parsing Vulnerability | version | 29 |
|
refmap
via4
|
cert | TA08-344A | sectrack | 1021370 | vupen | ADV-2008-3384 |
|
Last major update |
30-10-2018 - 16:25 |
Published |
10-12-2008 - 14:00 |
Last modified |
30-10-2018 - 16:25 |