CVE-2008-1088 - Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attacke

CVE-2008-1088

Summary

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:project:2003:sp2:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 21:45)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2012-05-28T04:01:53.390-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Mike Lah
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment Microsoft Project 2000 SR1 is installed
oval oval:org.mitre.oval:def:518
comment Microsoft Project 2002 SP1 is installed
oval oval:org.mitre.oval:def:707
comment Microsoft Project 2003 SP2 is installed
oval oval:org.mitre.oval:def:4586

description

family

windows

oval:org.mitre.oval:def:5384

status

accepted

submitted

2008-04-08T16:04:00

title

Project Memory Validation Vulnerability

version

refmap via4

bid	28607
cert	TA08-099A
cert-vn	VU#155563
hp	HPSBST02329 SSRT080048
sectrack	1019797
secunia	29690
vupen	ADV-2008-1142
xf	project-file-code-execution(41447)

Last major update

12-10-2018 - 21:45

Published

08-04-2008 - 23:05

Last modified

12-10-2018 - 21:45