CVE-2008-4024

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICAL
EPSS
57.5%
top 1.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft OfficeMicrosoft Office OutlookMicrosoft Office Word+2 more
Timeline
PublishedDec 10
Latest updateMay 2

Description

Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDmicrosoft/office_word4 versions+3
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-xh93-p895-vcfc: Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafte2022-05-02
CVEList
CVE-2008-4024: Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafte2008-12-10
CVE-2008-4024 (CRITICAL CVSS 9.3) | Microsoft Office Word 2000 SP3 and | cvebase.io