Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-4028
Last Modified 07 Mar 2011 12:00:00
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4028

Summary

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.

Vulnerable Systems

Application

  • Microsoft Office 2004

  • Microsoft Office 2008

  • Microsoft Office Compatibility Pack For Word Excel Ppt 2007

  • Microsoft Office Outlook 2007

  • Microsoft Office Word 2000

  • Microsoft Office Word 2002

  • Microsoft Office Word 2003

  • Microsoft Office Word 2007

  • Microsoft Office Word Viewer 2003

  • Microsoft Open Xml File Format Converter

  • Microsoft Works 8


References

CERT - TA08-344A

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-085/

VUPEN - ADV-2008-3384

SECTRACK - 1021370

BUGTRAQ - 20081209 ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability

MS - MS08-072

Related Patches

MS08-072 MS08-074 960402 Microsoft Office 2004 for Mac Update 11.5.3 (Rev 2)

MS08-072 MS08-074 960401 Microsoft Office 2008 for Mac Update 12.1.5


Last Updated: 27 May 2016 10:48:22