⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2008-1092Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Word

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
60.6%
top 1.71%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft Word
Timeline
PublishedMar 25
Latest updateMay 1

Description

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/word6 versions+5

🔴Vulnerability Details

3
GHSA
GHSA-m5h6-g75q-rpq4: Buffer overflow in msjet402022-05-01
CVEList
CVE-2008-1092: Buffer overflow in msjet402008-03-25
VulnCheck
Microsoft Windows Improper Restriction of Operations within the Bounds of a Memory Buffer2008
CVE-2008-1092 — Microsoft Word vulnerability | cvebase