CVE-2008-1092

EPSS 60.64%
Veröffentlicht 25.03.2008 16:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008.  NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Word Version2000 Updatesp3

   Microsoft ≫ Windows 2000 Version-
   Microsoft ≫ Windows 2003 Server Versionsp1
   Microsoft ≫ Windows Xp Version-

Microsoft ≫ Word Version2002 Updatesp3

   Microsoft ≫ Windows 2000 Version-
   Microsoft ≫ Windows 2003 Server Versionsp1
   Microsoft ≫ Windows Xp Version-

Microsoft ≫ Word Version2003 Updatesp2

   Microsoft ≫ Windows 2000 Version-
   Microsoft ≫ Windows 2003 Server Versionsp1
   Microsoft ≫ Windows Xp Version-

Microsoft ≫ Word Version2003_sp3

   Microsoft ≫ Windows 2000 Version-
   Microsoft ≫ Windows 2003 Server Versionsp1
   Microsoft ≫ Windows Xp Version-

Microsoft ≫ Word Version2007

   Microsoft ≫ Windows 2000 Version-
   Microsoft ≫ Windows 2003 Server Versionsp1
   Microsoft ≫ Windows Xp Version-

Microsoft ≫ Word Version2007_sp1

   Microsoft ≫ Windows 2000 Version-
   Microsoft ≫ Windows 2003 Server Versionsp1
   Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	60.64%	0.982

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=bugtraq&m=121129490723574&w=2

http://www.kb.cert.org/vuls/id/936529

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028

http://www.microsoft.com/technet/security/advisory/950627.mspx

http://www.securitytracker.com/id?1019686

https://exchange.xforce.ibmcloud.com/vulnerabilities/41380

https://nvd.nist.gov/vuln/detail/CVE-2008-1092

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1092

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1092

EUVD