Описание
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:office_project:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_project:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_portfolio_server:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_portfolio_server:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_server:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_server:2007:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:project_server:2007:sp2:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.47216
Средний
9.3 Critical
CVSS2
Дефекты
CWE-399
Связанные уязвимости
github
почти 4 года назад
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
EPSS
Процентиль: 98%
0.47216
Средний
9.3 Critical
CVSS2
Дефекты
CWE-399