Remote Code Execution Vulnerability in Microsoft Office Products
CVE-2008-3019

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office; Works
Vendor: CVE Published:; 12 August 2008

What is CVE-2008-3019?

Microsoft Office products including Office 2000 SP3, XP SP3, and 2003 SP2, as well as the Office Converter Pack and Works 8 have a vulnerability stemming from insufficient parsing of EPS file lengths. Attackers could exploit this flaw by crafting a malicious EPS file, potentially allowing them to execute arbitrary code on the affected systems. It is crucial for users to ensure they are using updated versions of these products to mitigate the risk associated with this vulnerability.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=121915960406986&w=2

vendor-advisoryx_refsource_HP

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2008
Vulnerability Reserved
Jul 7, 2008