Lucene search

MicrosoftCVE-2008-4025

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4025

2008-12-1014:00:00

CWE-119

microsoft

web.nvd.nist.gov

cve-2008-4025

microsoft office

word

outlook

security vulnerability

remote code execution

rtf

buffer overflow

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.318

Percentile

97.1%

JSON

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka “Word RTF Object Parsing Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007sp1

microsoftoffice_word_viewerMatch2003

microsoftoffice_word_viewerMatch2003sp3

microsoftopen_xml_file_format_convertermac

microsoftworksMatch8.0

Node

microsoftoffice_outlookMatch2007

microsoftoffice_outlookMatch2007sp1

microsoftoffice_wordMatch2000sp3

microsoftoffice_wordMatch2002sp3

microsoftoffice_wordMatch2003sp3

microsoftoffice_wordMatch2007

AND

microsoftofficeMatch2000sp3

microsoftofficeMatch2003sp3

microsoftofficeMatchxpsp3

microsoftoffice_system2007

microsoftoffice_systemMatchsp12007

VendorProductVersionCPE
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftoffice2008cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
microsoftoffice_compatibility_pack_for_word_excel_ppt_2007*cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
microsoftoffice_compatibility_pack_for_word_excel_ppt_2007*cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
microsoftoffice_word_viewer2003cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
microsoftoffice_word_viewer2003cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
microsoftopen_xml_file_format_converter*cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
microsoftworks8.0cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
microsoftoffice_outlook2007cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
microsoftoffice_outlook2007cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::
microsoft	office	2008	cpe:2.3:a:microsoft:office:2008::mac:::::
microsoft	office_compatibility_pack_for_word_excel_ppt_2007	*	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::::::::
microsoft	office_compatibility_pack_for_word_excel_ppt_2007	*	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1::::::*
microsoft	office_word_viewer	2003	cpe:2.3:a:microsoft:office_word_viewer:2003:::::::*
microsoft	office_word_viewer	2003	cpe:2.3:a:microsoft:office_word_viewer:2003:sp3::::::
microsoft	open_xml_file_format_converter	*	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*
microsoft	works	8.0	cpe:2.3:a:microsoft:works:8.0:::::::*
microsoft	office_outlook	2007	cpe:2.3:a:microsoft:office_outlook:2007:::::::*
microsoft	office_outlook	2007	cpe:2.3:a:microsoft:office_outlook:2007:sp1::::::