Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1434

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1434
Last Modified 12 Apr 2011 12:00:00
Published 13 May 2008 06:20:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1434

Summary

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office 2004

  • Microsoft Office 2007

  • Microsoft Office 2007 Sp1

  • Microsoft Office 2008

  • Microsoft Office Compatibility Pack For Word Excel Ppt 2007

  • Microsoft Office Xp

  • Microsoft Word Viewer 2003


References

CERT - TA08-134A

BID - 29105

MS - MS08-026

VUPEN - ADV-2008-1504

SECTRACK - 1020014

SECUNIA - 30143

HP - SSRT080071

IDEFENSE - 20080513 Microsoft Word CSS Processing Memory Corruption Vulnerability

HP - HPSBST02336

Related Patches

MS08-026 951207 952331 Microsoft Office 2008 for Mac Service Pack 1 (12.1.0) (Rev 2)

MS08-026 951207 952332 Microsoft Office 2004 for Mac Update 11.4.2 (Rev 3)


Last Updated: 27 May 2016 10:49:56