CVE-2008-0109Out-of-bounds Write in Microsoft Office

CWE-3992 documents2 sources
Severity
9.3CRITICALNVD
EPSS
58.0%
top 1.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedFeb 12
Latest updateMay 1

Description

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office2000, 2003, xp+2

🔴Vulnerability Details

1
GHSA
GHSA-qwhf-6m85-fm6c: Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted2022-05-01
CVE-2008-0109 — Out-of-bounds Write in Microsoft Office | cvebase