Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4030

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4030
Last Modified 07 Mar 2011 10:11:49
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4030

Summary

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.

Vulnerable Systems

Application

  • Microsoft Office 2004

  • Microsoft Office 2008

  • Microsoft Office Compatibility Pack For Word Excel Ppt 2007

  • Microsoft Office Outlook 2007

  • Microsoft Office Word 2000

  • Microsoft Office Word 2002

  • Microsoft Office Word 2003

  • Microsoft Office Word 2007

  • Microsoft Office Word Viewer 2003

  • Microsoft Open Xml File Format Converter

  • Microsoft Works 8


References

CERT - TA08-344A

VUPEN - ADV-2008-3384

SECTRACK - 1021370

MS - MS08-072

Related Patches

MS08-072 MS08-074 960402 Microsoft Office 2004 for Mac Update 11.5.3 (Rev 2)

MS08-072 MS08-074 960401 Microsoft Office 2008 for Mac Update 12.1.5


Last Updated: 27 May 2016 10:48:22