Memory Corruption Vulnerability in Microsoft Office Products
CVE-2008-4027

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Word Viewer; Office Compatibility Pack For Word Excel Ppt 2007
Vendor: CVE Published:; 10 December 2008

Summary

A double free vulnerability exists in various versions of Microsoft Office products, allowing attackers to exploit malformed RTF files or rich text email messages containing multiple consecutive Drawing Object tags. This flaw can trigger memory calculation errors leading to memory corruption, which malicious actors can leverage to execute arbitrary code on the affected systems, compromising user data and system integrity.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.zerodayinitiative.com/advisories/ZDI-08-084

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 10, 2008