NVD

Id
3888  
Name
CVE-2008-4028  
Description
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-12-10  
Modified Date
2011-03-07  
Seq
2008-4028  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
24541 3888 CVE-2008-4028 oval:org.mitre.oval:def:6096  View
24542 3888 CVE-2008-4028 MS08-072  View
24543 3888 CVE-2008-4028 20081209 ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability  View
24544 3888 CVE-2008-4028 1021370  View
24545 3888 CVE-2008-4028 TA08-344A  View
24546 3888 CVE-2008-4028 ADV-2008-3384  View
24547 3888 CVE-2008-4028 http://www.zerodayinitiative.com/advisories/ZDI-08-085  View
24548 3888 CVE-2008-4028 http://www.zerodayinitiative.com/advisories/ZDI-08-085/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
46877 JVNDB-2008-002187 Microsoft Office Word における RTF ファイルの処理に関する任意のコードを実行される脆弱性 Microsoft Office Word には、RTF ファイルまたはリッチテキスト電子メールメッセージの処理に不備があるため、任意のコードを実行される脆弱性が存在します。 CVE-2008-4028 34141 CVE-2008-4028 3888 9.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002187.html 2008-12-09 2009-01-16 View