CVE-2008-1434

Опубликовано: 13 мая 2008

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*

cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2007_sp1:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*

cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:sp1:*:*:*:*:*

cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word_viewer:2003:*:sp3:*:*:*:*:*

EPSS

Процентиль: 98%

0.54907

Средний

9.3 Critical

CVSS2

Дефекты

CWE-399

Связанные уязвимости

GHSA-j85m-h9w4-pm29

github

почти 4 года назад