CVE-2008-1088

Currently unrated

Key Information:

Vendor: Microsoft
Status: Project
Vendor: CVE Published:; 8 April 2008

Summary

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

References

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=120845064910729&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/28607

vdb-entryx_refsource_BID

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Feb 28, 2008

Collectors

NVD DatabaseMitre Database