Remote Code Execution Risk in Microsoft Office Products and Word Viewer
CVE-2008-4028

Currently unrated

Summary

A remote code execution vulnerability exists in multiple versions of Microsoft Office products and Word Viewer due to improper handling of control words in RTF files and rich text emails. A crafted RTF document or email message can trigger incorrect memory allocation, leading to a heap-based buffer overflow. This flaw can potentially allow an attacker to execute arbitrary code on users' machines without their knowledge, compromising system security.

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
