FKIE_CVE-2008-0109

Vulnerability from fkie_nvd - Published: 2008-02-12 23:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=120361015026386&w=2
secure@microsoft.comhttp://secunia.com/advisories/28901Vendor Advisory
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/692417US Government Resource
secure@microsoft.comhttp://www.securityfocus.com/archive/1/488071/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/27656
secure@microsoft.comhttp://www.securitytracker.com/id?1019374
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-043C.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/0511/referencesVendor Advisory
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=120361015026386&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28901Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/692417US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488071/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27656
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019374
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0511/referencesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073
Impacted products
Vendor Product Version
microsoft office 2000
microsoft office 2003
microsoft office 2003
microsoft office xp
microsoft word *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "391970C6-3A95-404B-9180-28A340B122DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption."
    },
    {
      "lang": "es",
      "value": "Word en Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2 y Office Word Viewer 2003, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de campos especialmente dise\u00f1ados dentro del File Information Block (FIB) de un archivo de Word, lo que desencadena errores de c\u00e1lculo de longitud  y corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2008-0109",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-02-12T23:00:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28901"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/692417"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/488071/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/27656"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1019374"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0511/references"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/692417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488071/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0511/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.