CVE-2008-0103
published 2008-02-13CVE-2008-0103: Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary…
PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
30.08%
98.0th percentile
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-2107 PHP 32 bit weak random seed
bugzilla·2008-05-08·CVSS 7.5
CVE-2008-2107 [HIGH] CVE-2008-2107 PHP 32 bit weak random seed
CVE-2008-2107 PHP 32 bit weak random seed
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2107 to the following vulnerability:
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 3
2-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Refences:
http://www.securityfocus.com/archive/1/archive/1/491683/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://www.sektioneins.de/advisories/SE-2008-02.txt
http://xforce.iss.net/xforce/xfdb/42226
Discussion:
php-5.2.6-2.
Bugzilla
CVE-2008-2108 PHP weak 64 bit random seed
bugzilla·2008-05-08·CVSS 9.8
CVE-2008-2108 [CRITICAL] CVE-2008-2108 PHP weak 64 bit random seed
CVE-2008-2108 PHP weak 64 bit random seed
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2108 to the following vulnerability:
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Refences:
http://www.securityfocus.com/archive/1/archive/1/491683/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://www.sektioneins.de/advisories/SE-2008-02.txt
http://xforce.iss.net/xforce/xfdb/42226
Discussion:
php-5.2.6-2.fc9 has been pushed to
Bugzilla
CVE-2008-0416 Mozilla arbitrary code execution
bugzilla·2008-02-06·CVSS 4.3
CVE-2008-0416 [MEDIUM] CVE-2008-0416 Mozilla arbitrary code execution
CVE-2008-0416 Mozilla arbitrary code execution
CVE-2008-0416 describes cross site scripting (XSS) bugs in the Mozilla
products. It is possible that these flaws could be used by malicious web
content to steal information or trick a user into disclosing private data.
Discussion:
Keep this embargoed until upstream makes it public.
---
Lifting embargo, this issue is public:
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0104.html
http://rhn.redhat.com/errata/RHSA-2008-0103.html
http://marc.info/?l=bugtraq&m=120361015026386&w=2http://secunia.com/advisories/28909http://www.securityfocus.com/bid/27738http://www.securitytracker.com/id?1019375http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlhttp://www.vupen.com/english/advisories/2008/0515/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-013https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5407http://marc.info/?l=bugtraq&m=120361015026386&w=2http://secunia.com/advisories/28909http://www.securityfocus.com/bid/27738http://www.securitytracker.com/id?1019375http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlhttp://www.vupen.com/english/advisories/2008/0515/referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-013https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5407
2008-02-13
Published