Microsoft Office Word and Outlook Vulnerability Allowing Remote Code Execution
CVE-2008-4030

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Word Viewer; Office Compatibility Pack For Word Excel Ppt 2007
Vendor: CVE Published:; 10 December 2008

Summary

A vulnerability exists in Microsoft Office products that allows remote attackers to execute arbitrary code. This occurs when specially crafted control words are processed in Rich Text Format (RTF) files or rich text e-mail messages, leading to incorrect memory allocation and potential memory corruption. This flaw can compromise the integrity of the affected applications, resulting in unauthorized actions on the user's system.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securitytracker.com/id?1021370

vdb-entryx_refsource_SECTRACK

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 10, 2008