Vulnerability Description
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2000 |
| Microsoft | Word | All versions |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=120361015026386&w=2
- http://secunia.com/advisories/28901Vendor Advisory
- http://www.kb.cert.org/vuls/id/692417US Government Resource
- http://www.securityfocus.com/archive/1/488071/100/0/threaded
- http://www.securityfocus.com/bid/27656
- http://www.securitytracker.com/id?1019374
- http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/0511/referencesVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-00
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=120361015026386&w=2
- http://secunia.com/advisories/28901Vendor Advisory
- http://www.kb.cert.org/vuls/id/692417US Government Resource
- http://www.securityfocus.com/archive/1/488071/100/0/threaded
- http://www.securityfocus.com/bid/27656
FAQ
What is CVE-2008-0109?
CVE-2008-0109 is a vulnerability with a CVSS score of 9.3 (HIGH). Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of ...
How severe is CVE-2008-0109?
CVE-2008-0109 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0109?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Word.