CVE-2008-2244

High PUBLISHED

Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the...

Microsoft · Office Word 2002 SP3

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.3 High

At a Glance

Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.

CVE Published
Jul 09, 2008
Exploitation Reported
Jul 09, 2008
CVSS
9.3 High
EPSS
Remote Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • HPSBST02360 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=121915960406986&w=2
  • 30975 secunia.com · Third-Party Advisory http://secunia.com/advisories/30975
  • TA08-225A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/cas/techalerts/TA08-225A.html
  • ADV-2008-2028 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2008/2028
  • oval:org.mitre.oval:def:5897 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
Show 6 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.