CVE-2008-0103 - Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2

CVE-2008-0103

Summary

Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:mac\+os:*:*:*:*:*
cpe:2.3:a:microsoft:office:2004:*:mac\+os:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 21:44)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2010-02-01T04:00:10.976-05:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Clifford Farrugia
organization GFI Software
name Mike Lah
organization The MITRE Corporation

definition_extensions

comment Microsoft Office 2000 is installed
oval oval:org.mitre.oval:def:93
comment Microsoft Office XP is installed
oval oval:org.mitre.oval:def:663
comment Microsoft Office 2003 is installed
oval oval:org.mitre.oval:def:233

description

family

windows

oval:org.mitre.oval:def:5407

status

accepted

submitted

2008-02-12T18:19:01

title

Microsoft Office Execution Jump Vulnerability

version

refmap via4

bid	27738
cert	TA08-043C
hp	HPSBST02314 SSRT080016
sectrack	1019375
secunia	28909
vupen	ADV-2008-0515

Last major update

12-10-2018 - 21:44

Published

13-02-2008 - 00:00

Last modified

12-10-2018 - 21:44