{"id": "CVE-2008-1088", "bulletinFamily": "NVD", "title": "CVE-2008-1088", "description": "Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of \"memory resource allocations.\"", "published": "2008-04-08T19:05:00", "modified": "2017-09-28T21:30:33", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1088", "reporter": "NVD", "references": ["http://marc.info/?l=bugtraq&m=120845064910729&w=2", "http://www.microsoft.com/technet/security/bulletin/ms08-018.mspx", "http://www.securityfocus.com/bid/28607", "http://www.vupen.com/english/advisories/2008/1142/references", "http://www.us-cert.gov/cas/techalerts/TA08-099A.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41447", "http://www.securitytracker.com/id?1019797", "http://www.kb.cert.org/vuls/id/155563"], "cvelist": ["CVE-2008-1088"], "type": "cve", "lastseen": "2017-09-29T14:25:47", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5384", "name": "oval:org.mitre.oval:def:5384", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:project:2000:sr1", "cpe:/a:microsoft:project:2003:sp2", "cpe:/a:microsoft:project:2002:sp1"], "cvelist": ["CVE-2008-1088"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of \"memory resource allocations.\"", "edition": 2, "enchantments": {}, "hash": "b43fcc8e41b0af75cfa2353844e3fd75092d504aea8ce6876ac0e499371bcfff", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "08ba5916c5df55fa354cd89e055a608a", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "90e3dbce7f87cbce3c3bcf77370cf701", "key": "title"}, {"hash": "e528778e9a6b890584be4252bf38cde2", "key": "references"}, {"hash": "e2cfb556d423849ff783a0e107571c86", "key": "assessment"}, {"hash": "4c4161250a3deffc1e56ad4338eceb41", "key": "href"}, {"hash": "a6e51109013291e605338350a454eb67", "key": "cvelist"}, {"hash": "173cf766e111fa359f91dcfed0609f4b", "key": "scanner"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "019954f3148427e9a19c10bce3820174", "key": "cpe"}, {"hash": "608528e03a714f966a0eeeda2ea8ad3f", "key": "modified"}, {"hash": "ac9b00bd0d8cb8b6ea7c59a966c57a82", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1088", "id": "CVE-2008-1088", "lastseen": "2017-08-08T11:24:32", "modified": "2017-08-07T21:29:52", "objectVersion": "1.3", "published": "2008-04-08T19:05:00", "references": ["http://marc.info/?l=bugtraq&m=120845064910729&w=2", "http://www.microsoft.com/technet/security/bulletin/ms08-018.mspx", "http://www.securityfocus.com/bid/28607", "http://www.vupen.com/english/advisories/2008/1142/references", "http://www.us-cert.gov/cas/techalerts/TA08-099A.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41447", "http://www.securitytracker.com/id?1019797", "http://www.kb.cert.org/vuls/id/155563"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5384", "name": "oval:org.mitre.oval:def:5384", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2008-1088", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 2, "lastseen": "2017-08-08T11:24:32"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5384", "name": "oval:org.mitre.oval:def:5384", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:microsoft:project:2000:sr1", "cpe:/a:microsoft:project:2003:sp2", "cpe:/a:microsoft:project:2002:sp1"], "cvelist": ["CVE-2008-1088"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of \"memory resource allocations.\"", "edition": 1, "enchantments": {}, "hash": "59d78c0249a1a6249607125e58f13371587ae697e928a6ae034263a453a642d8", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "08ba5916c5df55fa354cd89e055a608a", "key": "description"}, {"hash": "02491d1a4565e5c53b6f98c5f27004be", "key": "modified"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "90e3dbce7f87cbce3c3bcf77370cf701", "key": "title"}, {"hash": "e2cfb556d423849ff783a0e107571c86", "key": "assessment"}, {"hash": "4c4161250a3deffc1e56ad4338eceb41", "key": "href"}, {"hash": "a6e51109013291e605338350a454eb67", "key": "cvelist"}, {"hash": "173cf766e111fa359f91dcfed0609f4b", "key": "scanner"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "610adf5c1d90da368ca7cf3fd8bc12d6", "key": "references"}, {"hash": "019954f3148427e9a19c10bce3820174", "key": "cpe"}, {"hash": "ac9b00bd0d8cb8b6ea7c59a966c57a82", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1088", "id": "CVE-2008-1088", "lastseen": "2016-09-03T10:14:15", "modified": "2011-03-07T22:05:55", "objectVersion": "1.2", "published": "2008-04-08T19:05:00", "references": ["http://marc.info/?l=bugtraq&m=120845064910729&w=2", "http://xforce.iss.net/xforce/xfdb/41447", "http://www.microsoft.com/technet/security/bulletin/ms08-018.mspx", "http://www.securityfocus.com/bid/28607", "http://www.vupen.com/english/advisories/2008/1142/references", "http://www.us-cert.gov/cas/techalerts/TA08-099A.html", "http://www.securitytracker.com/id?1019797", "http://www.kb.cert.org/vuls/id/155563"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5384", "name": "oval:org.mitre.oval:def:5384", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2008-1088", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T10:14:15"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "1eb85d184b877245ed5ceb6778da4784"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "019954f3148427e9a19c10bce3820174"}, {"key": "cvelist", "hash": "a6e51109013291e605338350a454eb67"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "08ba5916c5df55fa354cd89e055a608a"}, {"key": "href", "hash": "4c4161250a3deffc1e56ad4338eceb41"}, {"key": "modified", "hash": "62d697255f12accaf19019ae675d5400"}, {"key": "published", "hash": "ac9b00bd0d8cb8b6ea7c59a966c57a82"}, {"key": "references", "hash": "e528778e9a6b890584be4252bf38cde2"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "173cf766e111fa359f91dcfed0609f4b"}, {"key": "title", "hash": "90e3dbce7f87cbce3c3bcf77370cf701"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "612cfab07586ee8916649f9eba6922642bf726eb8e5227f59a3d8a3edbad0450", "viewCount": 0, "enchantments": {"vulnersScore": 9.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:microsoft:project:2000:sr1", "cpe:/a:microsoft:project:2003:sp2", "cpe:/a:microsoft:project:2002:sp1"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5384", "name": "oval:org.mitre.oval:def:5384", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5384", "name": "oval:org.mitre.oval:def:5384", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}

{"result": {"cert": [{"id": "VU:155563", "type": "cert", "title": "Microsoft Office Project vulnerable to remote code execution via specially crafted Project file", "description": "### Overview\n\nA vulnerability in the way Microsoft Office Project parses files may lead to execution of arbitrary code.\n\n### Description\n\nMicrosoft Office Project contains a vulnerability that could be exploited when Project attempts to parse specially crafted files. According to Microsoft Security Bulletin [MS08-018](<http://www.microsoft.com/technet/security/bulletin/MS08-018.mspx>), \"Microsoft Project does not properly validate memory resource allocations when opening Project files.\" \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the affected user or cause a denial-of-service condition. \n \n--- \n \n### Solution\n\n**Update**\n\nMicrosoft has released an update to address this issue. See Microsoft Security Bulletin [MS08-018](<http://www.microsoft.com/technet/security/bulletin/MS08-018.mspx>) for more details. \n \n--- \n \n**Do not open untrusted Microsoft Office documents**\n\n \nDo not open unfamiliar or unexpected Microsoft Office documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip [ST04-010](<http://www.us-cert.gov/cas/tips/ST04-010.html>). \n \n**Disable automatic opening of Microsoft Office documents** \n \nBy default, Microsoft Office 97 and Microsoft Office 2000 will configure Internet Explorer to automatically open Microsoft Office documents. This feature can be disabled by using the [Office Document Open Confirmation Tool](<http://www.microsoft.com/downloads/details.aspx?familyid=8B5762D2-077F-4031-9EE6-C9538E9F2A2F&displaylang=en>). Mozilla Firefox users should disable automatic opening of files by following the instructions in the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#ffdownloadactions>) document. \n \n**Do not rely on file name extension filtering** \n \nIn most cases, Windows will call a Microsoft Office application to open a document, even if the document has an unknown file extension. Filtering for common extensions (e.g., .ppt, .xls, and .doc) will not detect all Microsoft Office documents. Additionally, a Microsoft Office file with no file extension will also open with a Microsoft Office application. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nMicrosoft Corporation| | -| 08 Apr 2008 \nGnash| | 11 Apr 2008| 11 Apr 2008 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23155563 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx>\n\n### Credit\n\nThis vulnerability was reported in Microsoft Security Bulletin [MS08-018](<http://www.microsoft.com/technet/security/bulletin/MS08-018.mspx>). Microsoft credits National Cyber Security Center, The Republic of Korea for reporting this Project Memory Validation Vulnerability.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n * CVE IDs: [CVE-2008-1088](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1088>)\n * Date Public: 08 Apr 2008\n * Date First Published: 08 Apr 2008\n * Date Last Updated: 29 Apr 2008\n * Severity Metric: 24.30\n * Document Revision: 10\n\n", "published": "2008-04-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/155563", "cvelist": ["CVE-2008-1088", "CVE-2008-1088"], "lastseen": "2016-02-03T09:13:18"}], "seebug": [{"id": "SSV:3142", "type": "seebug", "title": "Microsoft Project\u8d44\u6e90\u5185\u5b58\u5206\u914d\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08MS08-018\uff09", "description": "BUGTRAQ ID: 28607\r\nCVE(CAN) ID: CVE-2008-1088\r\n\r\nProject\u662f\u5fae\u8f6fOffice\u5957\u4ef6\u4e2d\u7684\u9879\u76ee\u7ba1\u7406\u548c\u63a7\u5236\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Project\u5728\u6253\u5f00Project\u6587\u4ef6\u65f6\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u5185\u5b58\u8d44\u6e90\u5206\u914d\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u7578\u5f62\u6587\u6863\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nMicrosoft Project 2003 SP2\r\nMicrosoft Project 2002 SP1\r\nMicrosoft Project 2000 Service Release 1\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4e0d\u8981\u6253\u5f00\u4e0d\u53ef\u4fe1\u4efb\u6765\u6e90\u6216\u53ef\u4fe1\u4efb\u6765\u6e90\u610f\u5916\u63a5\u6536\u5230\u7684Microsoft Office\u6587\u4ef6\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS08-018\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS08-018\uff1aVulnerability in Microsoft Project Could Allow Remote Code Execution (950183)\r\n\u94fe\u63a5\uff1a<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx?pf=true</a>", "published": "2008-04-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-3142", "cvelist": ["CVE-2008-1088"], "lastseen": "2017-11-19T21:44:09"}], "nessus": [{"id": "SMB_NT_MS08-018.NASL", "type": "nessus", "title": "MS08-018: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)", "description": "The remote host contains a version of Microsoft Project that has a vulnerability in the way it validates memory that could be used by an attacker to execute arbitrary code on the remote host.\n\nTo exploit this vulnerability, an attacker would need to spend a specially crafted Project document to a user on the remote host and lure him into opening it.", "published": "2008-04-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31791", "cvelist": ["CVE-2008-1088"], "lastseen": "2017-10-29T13:37:12"}]}}