CVE-2008-1091

2008-05-1322:20:00

CWE-94

[email protected]

web.nvd.nist.gov

microsoft word

vulnerability

remote code execution

rich text format

cve-2008-1091

nvd

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.562 Medium

EPSS

Percentile

97.7%

JSON

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a “memory calculation error” and a heap-based buffer overflow, aka “Object Parsing Vulnerability.”

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2008
microsoft:officemicrosoft officeeq2007_sp1
microsoft:office_compatibility_pack_for_word_excel_ppt_2007microsoft office compatibility pack for word excel ppt 2007eq*
microsoft:officemicrosoft officeeq2004
microsoft:officemicrosoft officeeqxp
microsoft:officemicrosoft officeeq2003
microsoft:word_viewermicrosoft word viewereq2003
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2000

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2008
microsoft:office	microsoft office	eq	2007_sp1
microsoft:office_compatibility_pack_for_word_excel_ppt_2007	microsoft office compatibility pack for word excel ppt 2007	eq	*
microsoft:office	microsoft office	eq	2004
microsoft:office	microsoft office	eq	xp
microsoft:office	microsoft office	eq	2003
microsoft:word_viewer	microsoft word viewer	eq	2003
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2000