CVE-2008-0105
Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
Microsoft Works 6 File Converter, como el utilizado en Office 2003 SP2 y SP3, Works 8.0, y Works Suite 2005, permite a atacantes remotos ejecutar código de su elección a través de un fichero .wps con una sección de la cabecera de índice de la tabla de información manipulada, también conocida como "Vulnerabilidad en Tabla Índice de Microsoft Works File Converter"
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-01-07 CVE Reserved
- 2008-02-12 CVE Published
- 2008-02-13 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/28904 | Third Party Advisory | |
http://www.securityfocus.com/bid/27658 | Vdb Entry | |
http://www.securitytracker.com/id?1019387 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA08-043C.html | Third Party Advisory | |
http://www.vupen.com/english/advisories/2008/0513/references | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5009 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/5107 | 2008-02-13 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://marc.info/?l=bugtraq&m=120361015026386&w=2 | 2018-10-12 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011 | 2018-10-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 8.0 Search vendor "Microsoft" for product "Works" and version "8.0" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 2005 Search vendor "Microsoft" for product "Works" and version "2005" | - |
Affected
|