Remote Code Execution Vulnerability in Microsoft Office Products
CVE-2008-4031

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Word Viewer; Office Compatibility Pack For Word Excel Ppt 2007
Vendor: CVE Published:; 10 December 2008

Summary

This vulnerability allows remote attackers to execute arbitrary code on affected Microsoft Office versions by crafting a malformed RTF file or rich text email message. The flaw occurs due to improper memory allocation and memory corruption, leading to unpredictable behavior when users open the malicious files or open emails containing harmful RTF content.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id?1021370

vdb-entryx_refsource_SECTRACK

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 10, 2008