Vulnerabilities > CVE-2008-4030 - Resource Management Errors vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS08-072 |
bulletin_url | |
date | 2008-12-09T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 957173 |
knowledgebase_url | |
severity | Critical |
title | Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS08-072.NASL |
description | The remote host is running a version of Microsoft Word that may allow arbitrary code to be run on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it. Then a bug in the word record parsing handler would result in code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35071 |
published | 2008-12-10 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35071 |
title | MS08-072: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (957173) |
code |
|
Oval
accepted | 2014-06-30T04:11:05.227-04:00 | ||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||
description | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. | ||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:5737 | ||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||
submitted | 2008-12-09T13:52:00-05:00 | ||||||||||||||||||||||||||||
title | Word RTF Object Parsing Vulnerability | ||||||||||||||||||||||||||||
version | 29 |
References
- http://www.securitytracker.com/id?1021370
- http://www.securitytracker.com/id?1021370
- http://www.us-cert.gov/cas/techalerts/TA08-344A.html
- http://www.us-cert.gov/cas/techalerts/TA08-344A.html
- http://www.vupen.com/english/advisories/2008/3384
- http://www.vupen.com/english/advisories/2008/3384
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737