Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2752Out-of-bounds Write in Microsoft Word

CWE-3994 documents4 sources
Severity
7.1HIGHNVD
EPSS
40.3%
top 2.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Word
Timeline
PublishedJun 18
Latest updateMay 1

Description

Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDmicrosoft/word2000, 2003+1

🔴Vulnerability Details

2
GHSA
GHSA-g6ph-6cq5-3xgm: Microsoft Word 2000 92022-05-01
CVEList
CVE-2008-2752: Microsoft Word 2000 92008-06-18

💥Exploits & PoCs

1
Exploit-DB
Microsoft Word 2000/2002 - Bulleted List Handling Remote Memory Corruption2008-06-17
CVE-2008-2752 — Out-of-bounds Write in Microsoft Word | cvebase