CVE-2008-1090 : Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 200

Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."

Published 2008-04-08 23:05:00

Updated 2025-04-09 00:30:58

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2008-1090

Microsoft » Office » Version: XP Update SP2
cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP2
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP3
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2007
cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2007 Sp1
cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2002 Update SP2
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2003 Update SP1
cpe:2.3:a:microsoft:visio:2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2003 Sp3
cpe:2.3:a:microsoft:visio:2003_sp3:*:*:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2007
cpe:2.3:a:microsoft:visio:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2007 Sp1
cpe:2.3:a:microsoft:visio:2007_sp1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1090

EPSS FAQ

62.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1090

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-1090

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1090

http://www.securitytracker.com/id?1019804

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5344
http://www.securityfocus.com/bid/28556

Patch
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-019

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/41452
http://www.vupen.com/english/advisories/2008/1143/references

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA08-099A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://secunia.com/advisories/29691

Patch;Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=120845064910729&w=2

'[security bulletin] HPSBST02329 SSRT080048 rev.1 - Storage Management Appliance (SMA), Microsoft Pat' - MARC

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-1090

Products affected by CVE-2008-1090

Exploit prediction scoring system (EPSS) score for CVE-2008-1090

CVSS scores for CVE-2008-1090

CWE ids for CVE-2008-1090

References for CVE-2008-1090