Memory Corruption Vulnerability in Microsoft Office Products
CVE-2008-4024

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Word Viewer; Office Compatibility Pack For Word Excel Ppt 2007
Vendor: CVE Published:; 10 December 2008

Summary

Microsoft Office Word versions 2000 SP3, 2002 SP3, and Office 2004 for Mac are susceptible to a memory corruption vulnerability. This flaw allows remote attackers to execute arbitrary code by delivering a specially crafted Word document. The exploit takes advantage of an improper initialization step in the File Information Block (FIB), specifically targeting the lcbPlcfBkfSdt field. When processed, it can trigger an arbitrary free condition, enabling unauthorized code execution and potentially compromising system security.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/archive/1/499086/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 10, 2008