Vulnerabilities > CVE-2008-3460 - Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS08-044.NASL |
| description | The remote host is running a version of some Microsoft Office filters that are subject to various flaws that could allow arbitrary code to be run. An attacker may use these to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it import it with Microsoft Office. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 33873 |
| published | 2008-08-13 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/33873 |
| title | MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
Oval
| accepted | 2015-08-10T04:01:02.821-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:6019 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2008-08-13T09:28:00 | ||||||||||||||||||||
| title | Microsoft Office WPG Image File Heap Corruption Vulnerability | ||||||||||||||||||||
| version | 15 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=737
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/31336
- http://www.securityfocus.com/bid/30600
- http://www.securitytracker.com/id?1020673
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2348
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6019