Vulnerabilities > CVE-2008-1088 - Resource Management Errors vulnerability in Microsoft Project 2000/2002/2003
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS08-018.NASL |
| description | The remote host contains a version of Microsoft Project that has a vulnerability in the way it validates memory that could be used by an attacker to execute arbitrary code on the remote host. To exploit this vulnerability, an attacker would need to spend a specially crafted Project document to a user on the remote host and lure him into opening it. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31791 |
| published | 2008-04-11 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31791 |
| title | MS08-018: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) |
Oval
| accepted | 2012-05-28T04:01:53.390-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:5384 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2008-04-08T16:04:00 | ||||||||||||
| title | Project Memory Validation Vulnerability | ||||||||||||
| version | 6 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 28607 CVE(CAN) ID: CVE-2008-1088 Project是微软Office套件中的项目管理和控制组件。 Microsoft Project在打开Project文件时没有正确地验证内存资源分配。如果用户受骗打开了畸形文档,就可能触发这个漏洞,导致执行任意指令。 Microsoft Project 2003 SP2 Microsoft Project 2002 SP1 Microsoft Project 2000 Service Release 1 临时解决方法: * 不要打开不可信任来源或可信任来源意外接收到的Microsoft Office文件。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-018)以及相应补丁: MS08-018:Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx?pf=true</a> |
| id | SSV:3142 |
| last seen | 2017-11-19 |
| modified | 2008-04-10 |
| published | 2008-04-10 |
| reporter | Root |
| title | Microsoft Project资源内存分配远程代码执行漏洞(MS08-018) |
References
- http://marc.info/?l=bugtraq&m=120845064910729&w=2
- http://secunia.com/advisories/29690
- http://www.kb.cert.org/vuls/id/155563
- http://www.securityfocus.com/bid/28607
- http://www.securitytracker.com/id?1019797
- http://www.us-cert.gov/cas/techalerts/TA08-099A.html
- http://www.vupen.com/english/advisories/2008/1142/references
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41447
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5384