1. Home
  2. CVE Database
  3. CVE-2008-1091
HIGH · 9.3

CVE-2008-1091

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format...

Vulnerability Description

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftOffice2000
MicrosoftOffice Compatibility Pack For Word Excel Ppt 2007All versions
MicrosoftWord Viewer2003

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2008-1091?

CVE-2008-1091 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format...

How severe is CVE-2008-1091?

CVE-2008-1091 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1091?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office Compatibility Pack For Word Excel Ppt 2007, Microsoft Word Viewer.