Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Office Word Viewer
  • Works
  • Office System
  • Office Word
  • Office
  • Office Compatibility Pack For Word Excel Ppt 2007
  • Office Outlook
  • Open Xml File Format Converter

Configuration 1 [-]

OR cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*
cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/archive/1/499064/100/0/threaded
http://www.securitytracker.com/id?1021370
http://www.us-cert.gov/cas/techalerts/TA08-344A.html US Government Resource
http://www.vupen.com/english/advisories/2008/3384 Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-086
http://www.zerodayinitiative.com/advisories/ZDI-08-086/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2008-12-10T13:33:00

Updated: 2018-10-12T19:57:01

Reserved: 2008-10-31T00:00:00

Link: CVE-2008-4837

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2008-12-10T14:00:01.173

Modified: 2018-10-30T16:25:58.373

Link: CVE-2008-4837

JSON object: View

cve-icon Redhat Information

No data.

CWE