Lucene search

MicrosoftCVE-2008-4837

HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-4837

2008-12-1014:00:01

CWE-119

microsoft

web.nvd.nist.gov

microsoft office

word

remote code execution

buffer overflow

cve-2008-4837

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.686

Percentile

98.0%

JSON

Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka “Word Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2004mac

microsoftofficeMatch2008mac

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007

microsoftoffice_compatibility_pack_for_word_excel_ppt_2007sp1

microsoftoffice_word_viewerMatch2003

microsoftoffice_word_viewerMatch2003sp3

microsoftopen_xml_file_format_convertermac

microsoftworksMatch8.0

Node

microsoftoffice_outlookMatch2007

microsoftoffice_outlookMatch2007sp1

microsoftoffice_wordMatch2000sp3

microsoftoffice_wordMatch2002sp3

microsoftoffice_wordMatch2003sp3

microsoftoffice_wordMatch2007

AND

microsoftofficeMatch2000sp3

microsoftofficeMatch2003sp3

microsoftofficeMatchxpsp3

microsoftoffice_system2007

microsoftoffice_systemMatchsp12007

VendorProductVersionCPE
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftoffice2008cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
microsoftoffice_compatibility_pack_for_word_excel_ppt_2007*cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
microsoftoffice_compatibility_pack_for_word_excel_ppt_2007*cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
microsoftoffice_word_viewer2003cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
microsoftoffice_word_viewer2003cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
microsoftopen_xml_file_format_converter*cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
microsoftworks8.0cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
microsoftoffice_outlook2007cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
microsoftoffice_outlook2007cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2004	cpe:2.3:a:microsoft:office:2004::mac:::::
microsoft	office	2008	cpe:2.3:a:microsoft:office:2008::mac:::::
microsoft	office_compatibility_pack_for_word_excel_ppt_2007	*	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::::::::
microsoft	office_compatibility_pack_for_word_excel_ppt_2007	*	cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007::sp1::::::*
microsoft	office_word_viewer	2003	cpe:2.3:a:microsoft:office_word_viewer:2003:::::::*
microsoft	office_word_viewer	2003	cpe:2.3:a:microsoft:office_word_viewer:2003:sp3::::::
microsoft	open_xml_file_format_converter	*	cpe:2.3:a:microsoft:open_xml_file_format_converter:::mac:::::*
microsoft	works	8.0	cpe:2.3:a:microsoft:works:8.0:::::::*
microsoft	office_outlook	2007	cpe:2.3:a:microsoft:office_outlook:2007:::::::*
microsoft	office_outlook	2007	cpe:2.3:a:microsoft:office_outlook:2007:sp1::::::