CVE Vulnerabilities

CVE-2008-4027

Published: Dec 10, 2008 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object (do) tags, which triggers a memory calculation error and memory corruption, aka Word RTF Object Parsing Vulnerability.

Affected Software

Name Vendor Start Version End Version
Office Microsoft 2004 2004
Office Microsoft 2008 2008
Office_compatibility_pack_for_word_excel_ppt_2007 Microsoft * *
Office_compatibility_pack_for_word_excel_ppt_2007 Microsoft * *
Office_word_viewer Microsoft 2003 2003
Office_word_viewer Microsoft 2003 2003
Open_xml_file_format_converter Microsoft * *
Works Microsoft 8.0 8.0

References