Vulnerabilities > CVE-2008-0103 - Resource Management Errors vulnerability in Microsoft Office
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_MS_OFFICE_FEB2008.NASL description The remote Mac OS X host is running a version of Microsoft Office 2004 for Mac that is affected by multiple vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Office file or viewing a specially crafted web page, these issues could be leverage to execute arbitrary code subject to the user last seen 2020-03-18 modified 2010-10-20 plugin id 50055 published 2010-10-20 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50055 title MS08-008 / MS08-013: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (947890 / 947108) (Mac OS X) code #TRUSTED 5771c5b45f6ce14eb9eb5bcb20f7c9cb33a76b3ae4a63afcbef40e7dad62cc7753ee7825d20debe31c4d140938f68abf578a8da3d4154047499ce4f0548733078f4ae6850c8ad6e47fed56f3421370b252075844b1a2fa780728de061cd3a5340dfb78d2bc6bc6a7b578a0e387798aa5473bcdb382b5b584f3da611fec3cc21915a2c47bd045ad6c5a78a555cb215a6962b26e8fdc9c16ce0e8583761ca5c7b0ae80136fe1c79c89e1bbeeefec400aeba18f3db2c0f2c59b8436338274faa469365a6567fa2d5c7435584644caec058bbc92f139cb9eb3a77e09b802dabd3840628e395d2166c45c134f8e561e1aa3d2625eae2122f4af95a74c0b680f009bcd52e6775c08a69d8c26e2d306386ac090ce27f310c27316a48747d8941767c2ee542cd442edf1a87084360afcfbaa3df32b4d3340b96779b0ea96f2646df92068c952fd819469dad25ea443bf60e5110f8091fee4785804956ff1726ff194537ba88ca4cc841df86535230702c3905b3ba7931719839deae3eebf394120b6c2d4c00cad06a2132cdf53ead7014e3ba50c9d5e6b44034b0442f7d1ac8419c07a0cad57dbc10dfc228750350de09a939a3dedb1ae44f25fd03c5590fbf74bdadcf64e2169d2ff843655c90f951e9faa1f71a5d55a833a14c98d9c4fbc18f8bfe4ce14b6c36b71f50519e8df957f92687001f7f250d5033828087cd2a9259a0df068 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(50055); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14"); script_cve_id("CVE-2007-0065", "CVE-2008-0103"); script_bugtraq_id(27661, 27738); script_xref(name:"MSFT", value:"MS08-008"); script_xref(name:"IAVA", value:"2008-A-0006"); script_xref(name:"MSFT", value:"MS08-013"); script_xref(name:"MSKB", value:"947108"); script_xref(name:"MSKB", value:"947890"); script_xref(name:"MSKB", value:"948056"); script_name(english:"MS08-008 / MS08-013: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (947890 / 947108) (Mac OS X)"); script_summary(english:"Check version of Microsoft Office"); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Mac OS X host is running a version of Microsoft Office 2004 for Mac that is affected by multiple vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Office file or viewing a specially crafted web page, these issues could be leverage to execute arbitrary code subject to the user's privileges."); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms08-008"); script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms08-013"); script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Office 2004 for Mac."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("macosx_func.inc"); if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS) enable_ssh_wrappers(); else disable_ssh_wrappers(); function exec(cmd) { local_var buf, ret; if (islocalhost()) buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd)); else { ret = ssh_open_connection(); if (!ret) exit(1, "ssh_open_connection() failed."); buf = ssh_cmd(cmd:cmd); ssh_close_connection(); } return buf; } packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(0, "The 'Host/MacOSX/packages' KB item is missing."); uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); if (!egrep(pattern:"Darwin.*", string:uname)) exit(1, "The host does not appear to be using the Darwin sub-system."); # Gather version info. info = ''; installs = make_array(); prod = 'Office 2004 for Mac'; cmd = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office"); version = exec(cmd:cmd); if (version && version =~ "^[0-9]+\.") { version = chomp(version); if (version !~ "^11\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'."); installs[prod] = version; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); fixed_version = '11.4.0'; fix = split(fixed_version, sep:'.', keep:FALSE); for (i=0; i<max_index(fix); i++) fix[i] = int(fix[i]); for (i=0; i<max_index(fix); i++) if ((ver[i] < fix[i])) { info += '\n Product : ' + prod + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; break; } else if (ver[i] > fix[i]) break; } # Report findings. if (info) { gs_opt = get_kb_item("global_settings/report_verbosity"); if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info); else security_hole(0); exit(0); } else { if (max_index(keys(installs)) == 0) exit(0, "Office 2004 for Mac is not installed."); else { msg = 'The host has '; foreach prod (sort(keys(installs))) msg += prod + ' ' + installs[prod] + ' and '; msg = substr(msg, 0, strlen(msg)-1-strlen(' and ')); msg += ' installed and thus is not affected.'; exit(0, msg); } }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS08-013.NASL description The remote host is running a version of Microsoft Office that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host, by sending a malformed file to a user of the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 31047 published 2008-02-12 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31047 title MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(31047); script_version("1.33"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2008-0103"); script_bugtraq_id(27738); script_xref(name:"MSFT", value:"MS08-013"); script_xref(name:"MSKB", value:"947108"); script_name(english:"MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)"); script_summary(english:"Determines the version of Office"); script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host through Office."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Microsoft Office that is vulnerable to a buffer overflow when handling malformed documents. An attacker may exploit this flaw to execute arbitrary code on this host, by sending a malformed file to a user of the remote host."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-013"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); include("audit.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS08-013'; kbs = make_list("947108"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); office_versions = hotfix_check_office_version (); if ( !office_versions["9.0"] && !office_versions["10.0"] && !office_versions["11.0"]) exit(0, "Office version 9.0, 10.0, or 11.0 not found."); commons = hotfix_get_officecommonfilesdir(); if ( ! commons ) exit(1, "Failed to get Office Common Files directory."); port = kb_smb_transport(); if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init"); share = ''; lastshare = ''; vuln = FALSE; kb = '947108'; checkedfiles = make_array(); if (typeof(commons) != 'array') { temp = commons; commons = make_array('commonfiles', temp); } foreach key (keys(commons)) { common = commons[key]; #VBA 6- C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll = 6.5.10.24 share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:common); vba6 = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\Microsoft Shared\VBA\VBA6\vbe6.dll", string:common); path = common + "\Microsoft Shared\VBA\VBA6\"; if (checkedfiles[vba6]) continue; if (share != lastshar) { NetUseDel(close:FALSE); r = NetUseAdd(login:kb_smb_login(), password:kb_smb_password(), domain:kb_smb_domain(), share:share); if ( r != 1 ) audit(AUDIT_SHARE_FAIL, share); } handle = CreateFile (file:vba6, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_NORMAL, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING); if ( ! isnull(handle) ) { checkedfiles[vba6] = 1; v = GetFileVersion(handle:handle); CloseFile(handle:handle); if ( ! isnull(v) ) { if ( v[0] == 6 && ( v[1] < 5 || (v[1] == 5 && v[2] < 10 ) || (v[1] == 5 && v[2] == 10 && v[3] < 24 ) )) { vuln = TRUE; info = 'Path : ' + path + '\n' + 'Installed version : ' + join(v, sep:'.') + '\n' + 'Fix : 6.5.10.24'; hotfix_add_report(info, bulletin:bulletin, kb:kb); break; } } } } NetUseDel(); if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:"TRUE"); hotfix_security_hole(); exit(0); } else audit(AUDIT_HOST_NOT, 'affected');
Oval
| accepted | 2010-02-01T04:00:10.976-05:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:5407 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2008-02-12T18:19:01 | ||||||||||||
| title | Microsoft Office Execution Jump Vulnerability | ||||||||||||
| version | 9 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 27738 CVE(CAN) ID: CVE-2008-0103 Microsoft Office是非常流行的办公软件套件。 Microsoft Office在处理注入了畸形对象的Office文件时存在内存破坏漏洞,如果用户受骗打开了特制的Office文件的话,就可能触发这个漏洞,导致执行任意指令。 Microsoft Office XP SP3 Microsoft Office 2004 for Mac Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 Service Pack 3 临时解决方法: * 限制对VBE6.dll的访问,在命令行键入: Windows XP: Echo y|cacls "%ProgramFiles%\common files\microsoft shared\vba\vba6\vbe6.dll" /E /P everyone:N Windows Vista: Takeown.exe /f "%ProgramFiles%\common files\microsoft shared\vba\vba6\vbe6.dll" Icacls.exe "%ProgramFiles%\common files\microsoft shared\vba\vba6\vbe6.dll" /save %TEMP%\VBE6_ACL.TXT Icacls.exe "%ProgramFiles%\common files\microsoft shared\vba\vba6\vbe6.dll" /deny everyone:(F) 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-013)以及相应补丁: MS08-013:Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-013.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-013.mspx?pf=true</a> |
| id | SSV:2899 |
| last seen | 2017-11-19 |
| modified | 2008-02-20 |
| published | 2008-02-20 |
| reporter | Root |
| title | Microsoft Office执行跳转内存破坏漏洞(MS08-013) |
References
- http://marc.info/?l=bugtraq&m=120361015026386&w=2
- http://secunia.com/advisories/28909
- http://www.securityfocus.com/bid/27738
- http://www.securitytracker.com/id?1019375
- http://www.us-cert.gov/cas/techalerts/TA08-043C.html
- http://www.vupen.com/english/advisories/2008/0515/references
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5407