Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1091

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1091
Last Modified 07 Mar 2011 10:05:56
Published 13 May 2008 06:20:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1091

Summary

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office 2004

  • Microsoft Office 2007

  • Microsoft Office 2007 Sp1

  • Microsoft Office 2008

  • Microsoft Office Compatibility Pack For Word Excel Ppt 2007

  • Microsoft Office Xp

  • Microsoft Word Viewer 2003


References

CERT - TA08-134A

CERT-VN - VU#543907

MS - MS08-026

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-023

VUPEN - ADV-2008-1504

SECTRACK - 1020013

BID - 29104

BUGTRAQ - 20080513 ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability

SECUNIA - 30143

HP - SSRT080071

HP - HPSBST02336

Related Patches

MS08-026 951207 952331 Microsoft Office 2008 for Mac Service Pack 1 (12.1.0) (Rev 2)

MS08-026 951207 952332 Microsoft Office 2004 for Mac Update 11.4.2 (Rev 3)


Last Updated: 27 May 2016 10:47:01