CVE-2008-2244 - Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file tha

CVE-2008-2244

Summary

Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-09-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-02-03T04:04:46.159-05:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Shane Shaffer
organization G2, Inc.
name Maria Kedovskaya
organization ALTX-SOFT

definition_extensions

comment Microsoft Word 2002 is installed
oval oval:org.mitre.oval:def:973
comment Microsoft Word 2003 is installed
oval oval:org.mitre.oval:def:475

description

family

windows

oval:org.mitre.oval:def:5897

status

accepted

submitted

2008-08-13T09:28:00

title

Word Record Parsing Vulnerability

version

refmap via4

bid	30124
cert	TA08-225A
confirm	http://blogs.technet.com/msrc/archive/2008/07/08/vulnerability-in-microsoft-word-could-allow-remote-code-execution.aspx http://www.microsoft.com/technet/security/advisory/953635.mspx
hp	HPSBST02360 SSRT080117
misc	http://isc.sans.org/diary.html?storyid=4696
sectrack	1020447
secunia	30975
vupen	ADV-2008-2028
xf	microsoft-word-unspecified-code-execution(43663)

Last major update

29-09-2017 - 01:31

Published

09-07-2008 - 22:41

Last modified

29-09-2017 - 01:31