9.3

CVE-2008-1434

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2003 Updatesp2
MicrosoftOffice Version2003 Updatesp3
MicrosoftOffice Version2004 Editionmac
MicrosoftOffice Version2007
MicrosoftOffice Version2007_sp1
MicrosoftOffice Version2008 Editionmac
MicrosoftOffice Versionxp Updatesp3
MicrosoftWord Viewer Version2003
MicrosoftWord Viewer Version2003 Editionsp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 30.87% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=121129490723574&w=2
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
US Government Resource
http://secunia.com/advisories/30143
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1504/references
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700
http://www.securityfocus.com/bid/29105
Patch
http://www.securitytracker.com/id?1020014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012