CVE-2008-3018

2008-08-1223:41:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-3018

microsoft office

works

pict file

vulnerability

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.697 Medium

EPSS

Percentile

98.0%

JSON

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the “Malformed PICT Filter Vulnerability,” a different vulnerability than CVE-2008-3021.

Affected configurations

NVD

Node

microsoftwindows_ntMatchxpsp3

AND

microsoftofficeMatch2000sp3

microsoftoffice_converter_pack

microsoftworksMatch8.0

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2000
microsoft:office_converter_packmicrosoft office converter packeq*
microsoft:worksmicrosoft workseq8.0