CVE-2008-1089

2008-04-0823:05:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-1089

microsoft visio

vulnerability

user-assisted

remote execution

crafted object header

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.566 Medium

EPSS

Percentile

97.7%

JSON

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka “Visio Object Header Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2003sp2

microsoftofficeMatch2003sp3

microsoftofficeMatch2007

microsoftofficeMatch2007_sp1

microsoftofficeMatchxpsp2

microsoftvisioMatch2002sp2

microsoftvisioMatch2003sp1

microsoftvisioMatch2003_sp3

microsoftvisioMatch2007

microsoftvisioMatch2007_sp1

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2007_sp1
microsoft:officemicrosoft officeeqxp
microsoft:visiomicrosoft visioeq2002
microsoft:visiomicrosoft visioeq2003
microsoft:visiomicrosoft visioeq2003_sp3
microsoft:visiomicrosoft visioeq2007
microsoft:visiomicrosoft visioeq2007_sp1

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2007_sp1
microsoft:office	microsoft office	eq	xp
microsoft:visio	microsoft visio	eq	2002
microsoft:visio	microsoft visio	eq	2003
microsoft:visio	microsoft visio	eq	2003_sp3
microsoft:visio	microsoft visio	eq	2007
microsoft:visio	microsoft visio	eq	2007_sp1