ID CVE-2008-0109
Summary Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:57)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-02-18T04:00:21.390-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Pradeep R B
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Sergey Artykhov
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Word 2000 is installed
    oval oval:org.mitre.oval:def:455
  • comment Microsoft Word 2002 is installed
    oval oval:org.mitre.oval:def:973
  • comment Microsoft Word 2003 is installed
    oval oval:org.mitre.oval:def:475
  • comment Microsoft Word Viewer is installed
    oval oval:org.mitre.oval:def:737
description Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
family windows
id oval:org.mitre.oval:def:5073
status accepted
submitted 2008-02-12T17:49:09
title Word Memory Corruption Vulnerability
version 10
refmap via4
bid 27656
bugtraq 20080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient
cert TA08-043C
cert-vn VU#692417
hp
  • HPSBST02314
  • SSRT080016
ms MS08-009
sectrack 1019374
secunia 28901
vupen ADV-2008-0511
Last major update 15-10-2018 - 21:57
Published 12-02-2008 - 23:00
Back to Top