Executive Summary

Informations
Name CVE-2008-4837 First vendor Publication 2008-12-10
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4837

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5982
 
Oval ID: oval:org.mitre.oval:def:5982
Title: Word Memory Corruption Vulnerability
Description: Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-4837
 Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
 Product(s): Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007
Microsoft Office Word Viewer 2003
Microsoft Office Compatibility Pack
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 2
Application 2
Application 1
Application 1

OpenVAS Exploits

Date Description
2008-12-10 Name : Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (9...
File : nvt/secpod_ms08-072.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52690 Microsoft Office Word Malformed Table Property Handling Memory Corruption
50598 Microsoft Office Word Table Property Handling Overflow

Snort® IPS/IDS

Date Description
2020-01-07 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 52359 - Revision : 1 - Type : FILE-OFFICE
2020-01-07 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 52358 - Revision : 1 - Type : FILE-OFFICE
2020-01-07 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 52357 - Revision : 1 - Type : FILE-OFFICE
2020-01-07 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 52356 - Revision : 1 - Type : FILE-OFFICE
2017-09-28 Microsoft Office Word .rtf file integer overflow attempt
RuleID : 44183 - Revision : 1 - Type : FILE-OFFICE
2017-09-28 Microsoft Office Word .rtf file integer overflow attempt
RuleID : 44182 - Revision : 1 - Type : FILE-OFFICE
2017-09-06 Microsoft Office Word unpaired RTF dpendgroup buffer overflow attempt
RuleID : 43854 - Revision : 1 - Type : FILE-OFFICE
2017-09-06 Microsoft Office Word unpaired RTF dpendgroup buffer overflow attempt
RuleID : 43853 - Revision : 1 - Type : FILE-OFFICE
2017-08-08 Microsoft Office Word .rtf file double free attempt
RuleID : 43450 - Revision : 2 - Type : FILE-OFFICE
2017-07-25 Microsoft Office Word .rtf file integer overflow attempt
RuleID : 43328 - Revision : 1 - Type : FILE-OFFICE
2016-04-19 Microsoft Office Word rtf malformed dpcallout buffer overflow attempt
RuleID : 38262 - Revision : 1 - Type : FILE-OFFICE
2016-03-14 Microsoft Office Word .rtf file stylesheet buffer overflow attempt
RuleID : 36631 - Revision : 1 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 23268 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 23267 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 23266 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt
RuleID : 17591 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Word rich text file unpaired dpendgroup exploit attempt
RuleID : 15125 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word .rtf file stylesheet buffer overflow attempt
RuleID : 15107 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word .rtf file integer overflow attempt
RuleID : 15106 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word .rtf file double free attempt
RuleID : 15083 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word rtf malformed dpcallout buffer overflow attempt
RuleID : 15082 - Revision : 18 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_dec2008.nasl - Type : ACT_GATHER_INFO
2008-12-10 Name : Arbitrary code can be executed on the remote host through Microsoft Word.
File : smb_nt_ms08-072.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/499064/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA08-344A.html
MISC http://www.zerodayinitiative.com/advisories/ZDI-08-086
http://www.zerodayinitiative.com/advisories/ZDI-08-086/
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08...
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1021370
VUPEN http://www.vupen.com/english/advisories/2008/3384

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2021-05-04 12:08:17
  • Multiple Updates
2021-04-22 01:08:38
  • Multiple Updates
2020-05-23 00:22:30
  • Multiple Updates
2018-10-31 00:19:54
  • Multiple Updates
2018-10-13 00:22:44
  • Multiple Updates
2018-10-12 00:20:29
  • Multiple Updates
2017-09-29 09:23:47
  • Multiple Updates
2016-06-28 17:19:50
  • Multiple Updates
2016-04-26 17:58:28
  • Multiple Updates
2014-02-17 10:47:07
  • Multiple Updates
2014-01-19 21:25:22
  • Multiple Updates
2013-05-11 00:29:27
  • Multiple Updates