Remote Code Execution Vulnerability in Microsoft Project by Microsoft
CVE-2008-1088

Currently unrated

Key Information:

Vendor: Microsoft
Status: Project
Vendor: CVE Published:; 8 April 2008

Summary

This vulnerability exists in Microsoft Project versions 2000 Service Release 1, 2002 SP1, and 2003 SP2, where improper validation of memory resource allocations can be exploited by remote attackers. Specifically, by tricking users into opening a specially crafted Project file, an attacker may execute arbitrary code on the victim's system, potentially leading to unauthorized access and data compromise.

References

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=120845064910729&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/28607

vdb-entryx_refsource_BID

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Feb 28, 2008