Executive Summary
Summary | |
---|---|
Title | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) |
Informations | |||
---|---|---|---|
Name | MS08-027 | First vendor Publication | 2008-05-13 |
Vendor | Microsoft | Last vendor Modification | 2008-05-13 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This security update resolves a privately reported vulnerability in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5303 | |||
Oval ID: | oval:org.mitre.oval:def:5303 | ||
Title: | Publisher Object Handler Validation Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0119 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Publisher |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 6 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45033 | Microsoft Publisher Object Handler Header Data Validation Arbitrary Code Exec... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-05-15 | IAVM : 2008-A-0029 - Microsoft Publisher Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0016014 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Publisher Object Handler Validation Code Execution attempted RuleID : 17383 - Revision : 12 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-05-13 | Name : Arbitrary code can be executed on the remote host through Microsoft Publisher. File : smb_nt_ms08-027.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:57 |
|
2013-11-11 12:41:08 |
|
2013-05-11 00:49:19 |
|