CVE-2008-1092
EXPLOITED IN THE WILDMicrosoft Jet Database Engine <4.0.9505.0 - RCE
Title source: llmExploitation Summary
CVE-2008-1092 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019686
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/936529
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41380
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=121129490723574&w=2
Vendor Advisory vendor-advisory
x_refsource_mskb
http://www.microsoft.com/technet/security/advisory/950627.mspx
Scores
EPSS
0.2588
EPSS Percentile
97.7%
Details
VulnCheck KEV
2008-03-25
InTheWild.io
2018-10-30
CWE
CWE-119
Status
published
Products (6)
microsoft/word
2000 sp3
microsoft/word
2002 sp3
microsoft/word
2003 sp2
microsoft/word
2003_sp3
microsoft/word
2007
microsoft/word
2007_sp1
Published
Mar 25, 2008
Tracked Since
Feb 18, 2026