Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0108

CWE-119Buffer Overflow5 documents4 sources
Severity
9.3CRITICAL
EPSS
75.4%
top 1.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft OfficeMicrosoft Works
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/works2005, 8.0+1

🔴Vulnerability Details

2
GHSA
GHSA-mfc9-4wfx-76c8: Stack-based buffer overflow in wkcvqd012022-05-01
CVEList
CVE-2008-0108: Stack-based buffer overflow in wkcvqd012008-02-12

💥Exploits & PoCs

2
Exploit-DB
Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)2008-02-13
Exploit-DB
Microsoft Works 8.0 - File Converter Field Length Remote Code Execution2008-02-06
CVE-2008-0108 (CRITICAL CVSS 9.3) | Stack-based buffer overflow in wkcv | cvebase.io