SAINT CorporationSAINT:EF0EF28D4F339C50E929AB8E07B310B5Microsoft Works File Converter index table vulnerability
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.592 Medium
EPSS
Percentile
97.7%
Added: 02/22/2008
CVE: CVE-2008-0105
BID: 27658
OSVDB: 41458
Background
The Microsoft Works File Converter allows Microsoft Office to open Microsoft Works files.
Problem
A buffer overflow vulnerability in the Microsoft Works File Converter allows arbitrary command execution when a user opens a **.wps** file with a specially crafted index table.
Resolution
Apply the update referenced in Microsoft Security Bulletin 08-011.
References
<http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx>
Limitations
Exploit works on Microsoft Word 2003 SP3 and requires a user to open the exploit file.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.592 Medium
EPSS
Percentile
97.7%