Vulnerabilities > CVE-2008-0121 - Resource Management Errors vulnerability in Microsoft Office Powerpoint Viewer 2003
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS08-051.NASL |
description | The remote host is running a version of Microsoft PowerPoint which is subject to a flaw that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the font parsing handler would result in code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33880 |
published | 2008-08-13 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33880 |
title | MS08-051: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
code |
|
Oval
accepted | 2014-06-30T04:11:05.061-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." | ||||||||||||||||||||
family | windows | ||||||||||||||||||||
id | oval:org.mitre.oval:def:5724 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2008-08-13T09:28:00 | ||||||||||||||||||||
title | Memory Calculation Vulnerability | ||||||||||||||||||||
version | 13 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 30554 CVE(CAN) ID: CVE-2008-0121 Microsoft PowerPoint是微软Office套件中的文档演示工具。 PowerPoint Viewer 2003在处理PPT演示文件中的某些记录时对数组索引缺少边界检查,在某些环境下攻击者可以直接控制演示文件中的数组索引,这样就可以控制函数指针,导致执行任意代码。 Microsoft PowerPoint Viewer 2003 临时解决方法: * 不要打开或保存从不受信任来源或从受信任来源意外收到的Microsoft Office文件。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-051)以及相应补丁: MS08-051:Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx?pf=true</a> 补丁下载: <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036</a> |
id | SSV:3830 |
last seen | 2017-11-19 |
modified | 2008-08-14 |
published | 2008-08-14 |
reporter | Root |
title | Microsoft PowerPoint Viewer 2003越界数组索引漏洞(MS08-051) |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/31453
- http://secunia.com/advisories/31453
- http://www.securityfocus.com/bid/30554
- http://www.securityfocus.com/bid/30554
- http://www.securitytracker.com/id?1020676
- http://www.securitytracker.com/id?1020676
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2355
- http://www.vupen.com/english/advisories/2008/2355
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5724
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5724