Use-After-Free Vulnerability in Microsoft Word Products
CVE-2008-1434

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Office Compatibility Pack For Word Excel Ppt 2007; Word Viewer
Vendor: CVE Published:; 13 May 2008

What is CVE-2008-1434?

A use-after-free vulnerability exists in Microsoft Word products, which can be exploited by remote attackers to execute arbitrary code. This vulnerability is triggered when a crafted HTML document with an excessive number of Cascading Style Sheets (CSS) selectors is processed, leading to memory corruption due to a memory handling error. Users of affected versions are at risk when interacting with malicious documents, underscoring the importance of regular updates and proper security measures.

References

http://www.securitytracker.com/id?1020014

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.vupen.com/english/advisories/2008/1504/references

vdb-entryx_refsource_VUPEN

EPSS Score

60% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 13, 2008
Vulnerability Reserved
Mar 21, 2008