Vulnerabilities > CVE-2008-1088 - Resource Management Errors vulnerability in Microsoft Project 2000/2002/2003

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS08-018.NASL
descriptionThe remote host contains a version of Microsoft Project that has a vulnerability in the way it validates memory that could be used by an attacker to execute arbitrary code on the remote host. To exploit this vulnerability, an attacker would need to spend a specially crafted Project document to a user on the remote host and lure him into opening it.
last seen2020-06-01
modified2020-06-02
plugin id31791
published2008-04-11
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31791
titleMS08-018: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)

Oval

accepted2012-05-28T04:01:53.390-04:00
classvulnerability
contributors
  • nameSudhir Gandhe
    organizationSecure Elements, Inc.
  • nameMike Lah
    organizationThe MITRE Corporation
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
  • commentMicrosoft Project 2000 SR1 is installed
    ovaloval:org.mitre.oval:def:518
  • commentMicrosoft Project 2002 SP1 is installed
    ovaloval:org.mitre.oval:def:707
  • commentMicrosoft Project 2003 SP2 is installed
    ovaloval:org.mitre.oval:def:4586
descriptionMicrosoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
familywindows
idoval:org.mitre.oval:def:5384
statusaccepted
submitted2008-04-08T16:04:00
titleProject Memory Validation Vulnerability
version6

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 28607 CVE(CAN) ID: CVE-2008-1088 Project是微软Office套件中的项目管理和控制组件。 Microsoft Project在打开Project文件时没有正确地验证内存资源分配。如果用户受骗打开了畸形文档,就可能触发这个漏洞,导致执行任意指令。 Microsoft Project 2003 SP2 Microsoft Project 2002 SP1 Microsoft Project 2000 Service Release 1 临时解决方法: * 不要打开不可信任来源或可信任来源意外接收到的Microsoft Office文件。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-018)以及相应补丁: MS08-018:Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx?pf=true</a>
idSSV:3142
last seen2017-11-19
modified2008-04-10
published2008-04-10
reporterRoot
titleMicrosoft Project资源内存分配远程代码执行漏洞(MS08-018)