Remote Code Execution Risk in Microsoft Office Products and Word Viewer
CVE-2008-4028

Currently unrated

Key Information:

Vendor

Microsoft
Status
Open Xml File Format Converter
Office
Office Word Viewer
Office Compatibility Pack For Word Excel Ppt 2007
Vendor
CVE Published:
10 December 2008

What is CVE-2008-4028?

A remote code execution vulnerability exists in multiple versions of Microsoft Office products and Word Viewer due to improper handling of control words in RTF files and rich text emails. When an attacker crafts a malicious RTF document or email message, it can trigger incorrect memory allocation leading to a heap-based buffer overflow. This flaw can potentially allow an attacker to execute arbitrary code on users' machines without their knowledge, compromising system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.zerodayinitiative.com/advisories/ZDI-08-085/
x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/archive/1/499063/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

69% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.