CVE-2008-1091
Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
Vulnerabilidad no especificada de Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrariamente a través de un archivo de Formato de Texto Enriquecido (.rtf) con una cadena mal formada que provoca un “error de cálculo en memoria” y un desbordamiento de búfer basado en el montículo (heap), también conocido como “Vulnerabilidad de análisis sintáctico de Objeto.”
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file.
The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-28 CVE Reserved
- 2008-05-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/543907 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/492020/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/29104 | Vdb Entry | |
| http://www.securitytracker.com/id?1020013 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/1504/references | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-023 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | 2018-10-12 | |
| http://secunia.com/advisories/30143 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2000 Search vendor "Microsoft" for product "Office" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007_sp1 Search vendor "Microsoft" for product "Office" and version "2007_sp1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2008 Search vendor "Microsoft" for product "Office" and version "2008" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | xp Search vendor "Microsoft" for product "Office" and version "xp" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack For Word Excel Ppt 2007 Search vendor "Microsoft" for product "Office Compatibility Pack For Word Excel Ppt 2007" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack For Word Excel Ppt 2007 Search vendor "Microsoft" for product "Office Compatibility Pack For Word Excel Ppt 2007" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Viewer Search vendor "Microsoft" for product "Word Viewer" | 2003 Search vendor "Microsoft" for product "Word Viewer" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Viewer Search vendor "Microsoft" for product "Word Viewer" | 2003 Search vendor "Microsoft" for product "Word Viewer" and version "2003" | sp3 |
Affected
| ||||||