Memory Corruption Vulnerability in Microsoft Word Products
CVE-2008-1091

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Office Compatibility Pack For Word Excel Ppt 2007; Word Viewer
Vendor: CVE Published:; 13 May 2008

Summary

A vulnerability exists in the Microsoft Word application within various Office versions that allows remote attackers to execute arbitrary code. This occurs through the utilization of a specially crafted Rich Text Format (RTF) file containing a malformed string. The flaw causes a memory calculation error leading to a heap-based buffer overflow, which could compromise the integrity of the affected system or application.

References

http://www.securityfocus.com/archive/1/492020/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/29104

vdb-entryx_refsource_BID

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 13, 2008
Vulnerability Reserved
Feb 28, 2008