Microsoft Office Vulnerability in PICT File Handling
CVE-2008-3021

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office; Works
Vendor: CVE Published:; 12 August 2008

What is CVE-2008-3021?

The vulnerability arises from improper parsing of the length of a PICT file in several Microsoft Office products. An attacker can exploit this weakness by crafting a malicious PICT file with an invalid bits_per_pixel field, which could lead to arbitrary code execution when the file is processed. This situation underscores the importance of software updates to safeguard against such vulnerabilities, as it can expose users to significant security risks.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

http://www.zerodayinitiative.com/advisories/ZDI-08-049/

x_refsource_MISC

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2008
Vulnerability Reserved
Jul 7, 2008