Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) |
| Informations | |||
|---|---|---|---|
| Name | MS08-013 | First vendor Publication | 2008-02-12 |
| Vendor | Microsoft | Last vendor Modification | 2010-01-12 |
| Severity (Vendor) | Critical | Revision | 1.4 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.4 (January 12, 2010): Bulletin updated: Corrected the bulletin replaced information for Microsoft Office 2003 Service Pack 2.Summary: This critical security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS08-013.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5407 | |||
| Oval ID: | oval:org.mitre.oval:def:5407 | ||
| Title: | Microsoft Office Execution Jump Vulnerability | ||
| Description: | Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-0103 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41462 | Microsoft Office Malformed Object Parsing Memory Corruption |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_feb2008.nasl - Type : ACT_GATHER_INFO |
| 2008-02-12 | Name : Arbitrary code can be executed on the remote host through Office. File : smb_nt_ms08-013.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:54 |
|
| 2013-05-11 00:49:18 |
|
