CVE-2008-1091

high

Description

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026

http://www.zerodayinitiative.com/advisories/ZDI-08-023

http://www.vupen.com/english/advisories/2008/1504/references

http://www.us-cert.gov/cas/techalerts/TA08-134A.html

http://www.securitytracker.com/id?1020013

http://www.securityfocus.com/bid/29104

http://www.securityfocus.com/archive/1/492020/100/0/threaded

http://www.kb.cert.org/vuls/id/543907

http://secunia.com/advisories/30143

http://marc.info/?l=bugtraq&m=121129490723574&w=2

Details

Source: Mitre, NVD

Published: 2008-05-13

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High