Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1088

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1088
Last Modified 07 Mar 2011 10:05:55
Published 08 Apr 2008 07:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1088

Summary

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

Vulnerable Systems

Application

  • Microsoft Project 2000

  • Microsoft Project 2002

  • Microsoft Project 2003


References

CERT-VN - VU#155563

CERT - TA08-099A

BID - 28607

MS - MS08-018

SECUNIA - 29690

XF - project-file-code-execution(41447)

VUPEN - ADV-2008-1142

SECTRACK - 1019797

HP - HPSBST02329

HP - SSRT080048


Last Updated: 27 May 2016 10:47:28