CVE-2008-1434
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
Una vulnerabilidad de uso de la memoria previamente liberada en Microsoft Word en Office 2000 y XP SP3, 2003 SP2 y SP3, y 2007 Office System SP1 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un documento HTML con un gran número de Cascading Style Sheets (CSS), relacionado con un "memory handling error" que desencadena una corrupción de memoria.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-21 CVE Reserved
- 2008-05-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700 | Third Party Advisory | |
| http://www.securitytracker.com/id?1020014 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-134A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/29105 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=121129490723574&w=2 | 2018-10-12 | |
| http://secunia.com/advisories/30143 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2008/1504/references | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2000 Search vendor "Microsoft" for product "Office" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007_sp1 Search vendor "Microsoft" for product "Office" and version "2007_sp1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2008 Search vendor "Microsoft" for product "Office" and version "2008" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | xp Search vendor "Microsoft" for product "Office" and version "xp" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack For Word Excel Ppt 2007 Search vendor "Microsoft" for product "Office Compatibility Pack For Word Excel Ppt 2007" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack For Word Excel Ppt 2007 Search vendor "Microsoft" for product "Office Compatibility Pack For Word Excel Ppt 2007" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Viewer Search vendor "Microsoft" for product "Word Viewer" | 2003 Search vendor "Microsoft" for product "Word Viewer" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Word Viewer Search vendor "Microsoft" for product "Word Viewer" | 2003 Search vendor "Microsoft" for product "Word Viewer" and version "2003" | sp3 |
Affected
| ||||||