9.3

CVE-2008-1434

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2003 Updatesp2
MicrosoftOffice Version2003 Updatesp3
MicrosoftOffice Version2004 Editionmac
MicrosoftOffice Version2007
MicrosoftOffice Version2007_sp1
MicrosoftOffice Version2008 Editionmac
MicrosoftOffice Versionxp Updatesp3
MicrosoftWord Viewer Version2003
MicrosoftWord Viewer Version2003 Editionsp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 54.91% 0.979
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C