CVE-2008-2244

Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 16, 2008
Published Date: July 09, 2008
Last Updated: August 07, 2024
Vendor: Microsoft
Product: Office Word 2002 SP3
Description: Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.

CVSS Scores

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild: Yes (2008-07-09 22:00:00 UTC) Source

References

http://secunia.com/advisories/30975 http://isc.sans.org/diary.html?storyid=4696 http://www.microsoft.com/technet/security/advisory/953635.mspx http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://blogs.technet.com/msrc/archive/2008/07/08/vulnerability-in-microsoft-word-could-allow-remote-code-execution.aspx http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://www.vupen.com/english/advisories/2008/2028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5897 http://www.securityfocus.com/bid/30124 https://exchange.xforce.ibmcloud.com/vulnerabilities/43663 http://www.securitytracker.com/id?1020447

Known Exploited Vulnerability Information

Source	Added Date
CVE	2008-07-09 22:00:00 UTC

Timeline

CVE ID Reserved

May 16, 2008
CVE Published to Public

July 09, 2008
Added to KEVIntel

July 09, 2008