Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0108

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0108
Last Modified 07 Mar 2011 12:00:00
Published 12 Feb 2008 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0108

Summary

Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office 2003

  • Microsoft Works 2005

  • Microsoft Works 8.0


References

CERT - TA08-043C

VUPEN - ADV-2008-0513

SECTRACK - 1019388

BID - 27659

MILW0RM - 5107

MS - MS08-011

SECUNIA - 28904

HP - SSRT080016

IDEFENSE - 20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability

HP - HPSBST02314


Last Updated: 27 May 2016 10:47:28