FKIE_CVE-2008-4837

Vulnerability from fkie_nvd - Published: 2008-12-10 14:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.securityfocus.com/archive/1/499064/100/0/threaded
secure@microsoft.comhttp://www.securitytracker.com/id?1021370
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/3384Vendor Advisory
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-08-086
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-08-086/
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/499064/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021370
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3384Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-086
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-086/
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982
Impacted products
Vendor Product Version
microsoft office 2004
microsoft office 2008
microsoft office_compatibility_pack_for_word_excel_ppt_2007 *
microsoft office_compatibility_pack_for_word_excel_ppt_2007 *
microsoft office_word_viewer 2003
microsoft office_word_viewer 2003
microsoft open_xml_file_format_converter *
microsoft works 8.0
microsoft office_outlook 2007
microsoft office_outlook 2007
microsoft office_word 2000
microsoft office_word 2002
microsoft office_word 2003
microsoft office_word 2007
microsoft office 2000
microsoft office 2003
microsoft office xp
microsoft office_system *
microsoft office_system sp1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*",
              "matchCriteriaId": "5BA91840-371C-4282-9F7F-B393F785D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD97FF64-64A5-467C-B352-45B89B4A6536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34C5FEAD-4B4B-44EB-9F3A-05093347A2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "523CCEC6-6B7D-4D77-B2B0-4E4C349A7030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B4B148CC-6C58-411B-8503-01F3BE1D5906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "3807A4E4-EB58-47B6-AD98-6ED464DEBA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "293914AF-6101-4F50-9560-A4EA99D767C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AB63E7-7FB6-47DE-9451-676887AFC55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "45E63CC9-6EBC-4672-A0DB-A73D455002C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C1B2B207-751F-4596-B805-B4622E312B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8D06FE-002B-48B2-991D-860C3AF7D2D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:*:2007:*:*:*:*:*:*",
              "matchCriteriaId": "224A6712-E6DF-4BC6-9D61-73DD73C2F66B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:office_system:sp1:2007:*:*:*:*:*:*",
              "matchCriteriaId": "491B00D2-3B9B-46AB-B068-B1AD96698EE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 y 2007 Gold y SP1; Word Viewer 2003 Gold y SP3; Paquete de compatibilidad de Office para formatos de archivo de Word, Excel y PowerPoint 2007 Gold y SP1; y Microsoft Works versi\u00f3n 8 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un documento de Word creado que contiene una propiedad de tabla malformada, lo que desencadena una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"Word Memory Corruption Vulnerability.\""
    }
  ],
  "id": "CVE-2008-4837",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-10T14:00:01.173",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/499064/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499064/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.