CVE-2008-1091

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICAL
EPSS
64.1%
top 1.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Word Viewer
Timeline
PublishedMay 13
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/office7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-q4fp-7h4m-q27r: Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attacker2022-05-01
CVEList
CVE-2008-1091: Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attacker2008-05-13
CVE-2008-1091 (CRITICAL CVSS 9.3) | Unspecified vulnerability in Micros | cvebase.io