Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0105

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICAL
EPSS
80.0%
top 0.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft OfficeMicrosoft Works
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/works2005, 8.0+1

🔴Vulnerability Details

2
GHSA
GHSA-g434-qc48-px7f: Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 82022-05-01
CVEList
CVE-2008-0105: Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 82008-02-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)2008-02-13
CVE-2008-0105 (CRITICAL CVSS 9.3) | Microsoft Works 6 File Converter | cvebase.io