CVE-2008-0119

Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=121129490723574&w=2
http://secunia.com/advisories/30150	Vendor Advisory
http://www.securityfocus.com/archive/1/492073/100/0/threaded
http://www.securityfocus.com/bid/29158
http://www.securitytracker.com/id?1020015
http://www.us-cert.gov/cas/techalerts/TA08-134A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/1505/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5303

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2007:::::::*
	cpe:2.3:a:microsoft:office:2007_sp1:::::::*
	cpe:2.3:a:microsoft:office:xp:sp3::::::

History

No history.

Information

Published : 2008-05-13 22:20

Updated : 2023-12-10 10:51

NVD link : CVE-2008-0119

Mitre link : CVE-2008-0119

CVE.ORG link : CVE-2008-0119

JSON object : View

Products Affected

microsoft

office

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2008-0119", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-05-13T22:20:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/30150", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/492073/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/29158", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1020015", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1505/references", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-027", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5303", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka \"Publisher Object Handler Validation Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Microsoft publisher en Office XP SP3, 2003 SP2 y SP3 y 2007 SP1 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero publisher con datos en el objeto de cabecera manipulados lo que provoca una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad en la validaci\u00f3n del manejo del objeto\"\u00b7"}], "lastModified": "2018-10-15T21:57:59.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E"}, {"criteria": "cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4142D44F-26F2-467B-A7DE-00239C0013D4"}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}