Vulnerability Details : CVE-2008-0109
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2008-0109
Probability of exploitation activity in the next 30 days: 54.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-0109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-0109
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0109
- http://www.securityfocus.com/archive/1/488071/100/0/threaded
-
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Page Not Found | CISAUS Government Resource
-
http://www.vupen.com/english/advisories/2008/0511/references
Vendor Advisory
-
http://marc.info/?l=bugtraq&m=120361015026386&w=2
'[security bulletin] HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-009
-
http://www.securitytracker.com/id?1019374
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5073
-
http://www.securityfocus.com/bid/27656
-
http://www.kb.cert.org/vuls/id/692417
US Government Resource
Products affected by CVE-2008-0109
- cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*