Buffer Overflow Vulnerability in Microsoft Office Products
CVE-2008-3020

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office; Works
Vendor: CVE Published:; 12 August 2008

What is CVE-2008-3020?

A buffer overflow vulnerability exists in Microsoft Office products, specifically in how they handle BMP files. When a manipulated BMP file is processed, it can lead to remote code execution, enabling attackers to execute arbitrary commands on the affected system. This issue is critical for users of Microsoft Office 2000 SP3, XP SP3, the Office Converter Pack, and Microsoft Works 8, as it poses significant security risks if exploited.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=121915960406986&w=2

vendor-advisoryx_refsource_HP

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2008
Vulnerability Reserved
Jul 7, 2008