Vulnerability Details: CVE-2008-1434
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2008-1434
- cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word_viewer:2003:*:sp3:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:sp1:*:*:*:*:*
- cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1434
EPSS score: 80.06% (probability of exploitation activity in the next 30 days)
Percentile: ~98% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2008-1434
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-1434
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1434
- http://www.us-cert.gov/cas/techalerts/TA08-134A.html (US Government Resource)
- http://marc.info/?l=bugtraq&m=121129490723574&w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026
- http://www.vupen.com/english/advisories/2008/1504/references (Vendor Advisory)
- http://www.securitytracker.com/id?1020014
- http://www.securityfocus.com/bid/29105 (Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700