CVE-2008-0119Code Injection in Microsoft Office

CWE-94Code Injection2 documents2 sources
Severity
9.3CRITICALNVD
EPSS
55.9%
top 1.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedMay 13
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-wp49-c7vw-f2q5: Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to exec2022-05-01
CVE-2008-0119 — Code Injection in Microsoft Office | cvebase