CVE-2008-3020

CWE-3993 documents3 sources
Severity
9.3CRITICAL
EPSS
54.1%
top 1.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Works
Timeline
PublishedAug 12
Latest updateMay 1

Description

Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/office2000, 2003, xp+2

🔴Vulnerability Details

2
GHSA
GHSA-697x-wwx6-cm5r: Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers2022-05-01
CVEList
CVE-2008-3020: Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers2008-08-12
CVE-2008-3020 (CRITICAL CVSS 9.3) | Microsoft Office 2000 SP3 and XP SP | cvebase.io