CVE-2008-1091
Microsoft Office - Remote Code Execution via Malformed RTF String
Title source: llmDescription
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
References (11)
Core 11
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/492020/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29104
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/543907
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1504/references
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020013
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=121129490723574&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30143
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-023
Scores
EPSS
0.4051
EPSS Percentile
98.5%
Details
CWE
CWE-94
Status
published
Products (9)
microsoft/office
2000 sp3
microsoft/office
2003 sp2 (2 CPE variants)
microsoft/office
2004
microsoft/office
2007
microsoft/office
2007_sp1
microsoft/office
2008
microsoft/office
xp sp3
microsoft/office_compatibility_pack_for_word_excel_ppt_2007
(2 CPE variants)
microsoft/word_viewer
2003 (2 CPE variants)
Published
May 13, 2008
Tracked Since
Feb 18, 2026