Executive Summary
Summary | |
---|---|
Title | Microsoft Word code execution vulnerability |
Informations | |||
---|---|---|---|
Name | VU#692417 | First vendor Publication | 2008-02-12 |
Vendor | VU-CERT | Last vendor Modification | 2008-02-12 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#692417Microsoft Word code execution vulnerabilityOverviewMicrosoft Word contains a vulnerability that may allow an attacker to execute arbitrary code.I. DescriptionPer Microsoft Security Bulletin MS08-009:A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. II. ImpactA remote attacker may be able to execute arbitrary code.III. SolutionMicrosoft has released Security Bulletin MS08-009 to address this issue.
References
Microsoft credits Rubén Santamarta of Reversemode.com for reporting this vulnerability. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/692417 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5073 | |||
Oval ID: | oval:org.mitre.oval:def:5073 | ||
Title: | Word Memory Corruption Vulnerability | ||
Description: | Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0109 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word Viewer 2003 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41464 | Microsoft Word Document Handling Unspecified Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Word ole stream memory corruption attempt RuleID : 13469 - Revision : 13 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-02-12 | Name : Arbitrary code can be executed on the remote host through Microsoft Word. File : smb_nt_ms08-009.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:57:18 |
|