CVE-2008-0108
Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
Un desbordamiento de búfer en la región stack de la memoria en la biblioteca wkcvqd01.dll en Microsoft Works versión 6 File Converter, tal y como es usado en Office 2003 SP2 y SP3, Works versión 8.0 y Works Suite 2005, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo .wps con longitudes de campo diseñado, también se conoce como "Microsoft Works File Converter Field Length Vulnerability".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-01-07 CVE Reserved
- 2008-02-06 First Exploit
- 2008-02-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660 | Third Party Advisory | |
http://www.securityfocus.com/bid/27659 | Vdb Entry | |
http://www.securitytracker.com/id?1019388 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA08-043C.html | Third Party Advisory | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5202 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/5107 | 2024-08-07 | |
https://www.exploit-db.com/exploits/31118 | 2008-02-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://marc.info/?l=bugtraq&m=120361015026386&w=2 | 2018-10-12 | |
http://secunia.com/advisories/28904 | 2018-10-12 | |
http://www.vupen.com/english/advisories/2008/0513/references | 2018-10-12 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-011 | 2018-10-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 8.0 Search vendor "Microsoft" for product "Works" and version "8.0" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 2005 Search vendor "Microsoft" for product "Works" and version "2005" | - |
Affected
|