CVE-2008-0118
published 2008-03-11

CVE-2008-0118: Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote…

Priority: P258, critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 34.84% (98.2th percentile)
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."

Affected

4 ranges
Vendor | Product | Version range | Fixed in
microsoft | office | |
microsoft | office | |
microsoft | office | |
microsoft | office | |

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31361.tgz
filename: 2008-ms08-016.tgz
process: calc.exe
  • Exploit is delivered via a crafted .PPT file triggering a buffer overflow; monitor for suspicious Office document opens (especially .PPT/.PPT-family files) from untrusted sources on unpatched Office XP SP3 systems.
  • The vulnerability triggers memory corruption from an allocation error in Office document parsing; alert on Office processes spawning unexpected child processes (e.g., calc.exe or shells) as a post-exploitation indicator.
  • Attacker entices victim to open a malicious Office file; user-assisted delivery vector — consider email/web attachment inspection for malformed Office documents targeting affected versions (Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003, Office 2004 for Mac).
  • Exploit PoC targets Office XP SP3 only with patches prior to 03/11/08; effectiveness against other affected versions (Office 2000 SP3, 2003 SP2, Excel Viewer 2003, Office 2004 for Mac) is not confirmed by the PoC author.
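
The child-process check from the bullets above, as an added example that is not part of the original page or of any vendor rule. Field names follow Sysmon Event ID 1; the Office executable names, the shell names, the expected-children allowlist and every sample record are assumptions constructed for illustration.

```python
import ntpath

# Assumption: host executables for the Office apps (the page names none).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# calc.exe is the process listed on the page; the shells are assumed examples.
HIGH_RISK_CHILDREN = {"calc.exe", "cmd.exe", "powershell.exe"}
# Assumption: children Office starts in normal use; tune this per environment.
EXPECTED_CHILDREN = {"splwow64.exe"} | OFFICE_PARENTS


def exe_name(path):
    """Lower-cased file name of a Windows path; '' if the field is missing."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return 'alert', 'review' or None for one process-creation record."""
    parent = exe_name(event.get("ParentImage"))
    child = exe_name(event.get("Image"))
    if parent not in OFFICE_PARENTS or not child:
        return None                      # not an Office parent, or unusable record
    if child in HIGH_RISK_CHILDREN:
        return "alert"                   # calculator or shell under Office
    if child in EXPECTED_CHILDREN:
        return None
    return "review"                      # unknown child: triage, do not drop


def scan(events):
    """Return (verdict, parent, child) for every record that needs attention."""
    tagged = ((classify(ev), ev) for ev in events)
    return [(v, exe_name(e["ParentImage"]), exe_name(e["Image"])) for v, e in tagged if v]


# Constructed sample records (field names follow Sysmon Event ID 1).
OFFICE = r"C:\Program Files\Microsoft Office\Office10"
SAMPLE = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": OFFICE + r"\POWERPNT.EXE"},
    {"ParentImage": OFFICE + r"\POWERPNT.EXE", "Image": r"C:\Windows\System32\calc.exe"},
    {"ParentImage": OFFICE + r"\WINWORD.EXE", "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": OFFICE + r"\EXCEL.EXE", "Image": r"C:\Windows\splwow64.exe"},
    {"ParentImage": OFFICE + r"\POWERPNT.EXE", "Image": r"C:\Temp\update.exe"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\calc.exe"},
    {"Image": r"C:\Windows\System32\calc.exe"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

Matching on the file name alone keeps the rule simple but lets a renamed binary slip into the "review" tier rather than "alert", which is why unknown children are surfaced instead of ignored.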