CVE-2008-1092

EXPLOITED IN THE WILD

Microsoft Jet Database Engine <4.0.9505.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2008-1092 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019686
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/936529
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41380
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=121129490723574&w=2
Vendor Advisory vendor-advisory x_refsource_mskb
http://www.microsoft.com/technet/security/advisory/950627.mspx

Scores

EPSS 0.2588
EPSS Percentile 97.7%

Details

VulnCheck KEV 2008-03-25
InTheWild.io 2018-10-30
CWE
CWE-119
Status published
Products (6)
microsoft/word 2000 sp3
microsoft/word 2002 sp3
microsoft/word 2003 sp2
microsoft/word 2003_sp3
microsoft/word 2007
microsoft/word 2007_sp1
Published Mar 25, 2008
Tracked Since Feb 18, 2026