CVE-2008-4024 - OpenCVE

Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Word Viewer Works Office System Office Word Office Office Compatibility Pack For Word Excel Ppt 2007 Office Outlook Open Xml File Format Converter

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:2008::mac:::::
	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::::::::
	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1::::::*
	cpe:2.3:a:microsoft:office_word_viewer:2003:::::::*
	cpe:2.3:a:microsoft:office_word_viewer:2003:sp3::::::
	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*
	cpe:2.3:a:microsoft:works:8.0:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:microsoft:office_outlook:2007:::::::*
	cpe:2.3:a:microsoft:office_outlook:2007:sp1::::::
	cpe:2.3:a:microsoft:office_word:2000:sp3::::::
	cpe:2.3:a:microsoft:office_word:2002:sp3::::::
	cpe:2.3:a:microsoft:office_word:2003:sp3::::::
	cpe:2.3:a:microsoft:office_word:2007:::::::*

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:o:microsoft:office_system::2007::::::*
	cpe:2.3:o:microsoft:office_system:sp1:2007::::::

References

Link	Resource
http://www.coresecurity.com/content/word-arbitrary-free
http://www.coresecurity.com/files/attachments/CORE-2008-0228-Word.pdf
http://www.securityfocus.com/archive/1/499086/100/0/threaded
http://www.securitytracker.com/id?1021370
http://www.us-cert.gov/cas/techalerts/TA08-344A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3384	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5934