FKIE_CVE-2008-4030

Vulnerability from fkie_nvd - Published: 2008-12-10 14:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.
References
secure@microsoft.comhttp://www.securitytracker.com/id?1021370
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/3384
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021370
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3384
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737
Impacted products
Vendor Product Version
microsoft office 2004
microsoft office 2008
microsoft office_compatibility_pack_for_word_excel_ppt_2007 *
microsoft office_compatibility_pack_for_word_excel_ppt_2007 *
microsoft office_word_viewer 2003
microsoft office_word_viewer 2003
microsoft open_xml_file_format_converter *
microsoft works 8.0
microsoft office_outlook 2007
microsoft office_outlook 2007
microsoft office_word 2000
microsoft office_word 2002
microsoft office_word 2003
microsoft office_word 2007
microsoft office 2000
microsoft office 2003
microsoft office xp
microsoft office_system *
microsoft office_system sp1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability,\" a different vulnerability than CVE-2008-4028."
    },
    {
      "lang": "es",
      "value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, y 2007 Gold y SP1; Outlook 2007 Gold y SP1; Word Viewer 2003 Gold  y SP3; y Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats Gold y SP1, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de palabras de control manipuladas en ficheros (1) RTF o (2) e-mail con texto enriquecido, lo que provoca una asignaci\u00f3n incorrecta de memoria y una corrupci\u00f3n de memoria, tambi\u00e9n conocida como \"Vulnerabilidad Word RTF Object Parsing\". Vulnerabilidad diferente de CVE-2008-4028."
    }
  ],
  "id": "CVE-2008-4030",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:00.877",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5737"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.