Vulnerabilities > CVE-2008-0109 - Resource Management Errors vulnerability in Microsoft Office and Word
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS08-009.NASL |
| description | The remote host is running a version of Microsoft Word that is subject to a flaw that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the font parsing handler would result in code execution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31043 |
| published | 2008-02-12 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31043 |
| title | MS08-009: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (947077) |
Oval
| accepted | 2013-02-18T04:00:21.390-05:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:5073 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2008-02-12T17:49:09 | ||||||||||||||||||||
| title | Word Memory Corruption Vulnerability | ||||||||||||||||||||
| version | 10 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 27656 CVE(CAN) ID: CVE-2008-0109 Word是微软Office办公软件套件中的文字处理工具。 Word在解析文件信息块(FIB)中的某些字段时存在内存破坏漏洞,如果用户受骗打开了特制的DOC文档的话,就可能触发这个漏洞,导致执行任意指令。 Microsoft Word 2003 SP2 Microsoft Word 2002 SP3 Microsoft Word 2000 SP3 临时解决方法: * 在打开未知或不可信任来源的文件时,使用Microsoft Office隔离转换环境(MOICE)。 * 使用Microsoft Office文件阻断策略以防止打开未知或不可信任来源的Office 2003及更早版本的文档。可使用以下注册表脚本为Office 2003设置文件阻断策略: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock] "BinaryFiles"=dword:00000001 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-009)以及相应补丁: MS08-009:Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx?pf=true</a> |
| id | SSV:2898 |
| last seen | 2017-11-19 |
| modified | 2008-02-20 |
| published | 2008-02-20 |
| reporter | Root |
| title | Microsoft Word文件信息块内存破坏漏洞(MS08-009) |
References
- http://marc.info/?l=bugtraq&m=120361015026386&w=2
- http://secunia.com/advisories/28901
- http://www.kb.cert.org/vuls/id/692417
- http://www.securityfocus.com/archive/1/488071/100/0/threaded
- http://www.securityfocus.com/bid/27656
- http://www.securitytracker.com/id?1019374
- http://www.us-cert.gov/cas/techalerts/TA08-043C.html
- http://www.vupen.com/english/advisories/2008/0511/references
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073