CVE-2008-1434

Sažetak

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700
http://marc.info/?l=bugtraq&m=121129490723574&w=2
http://secunia.com/advisories/30143
http://www.securityfocus.com/bid/29105
http://www.securitytracker.com/id?1020014
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
http://www.vupen.com/english/advisories/2008/1504/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-10-2018 - 21:45

Objavljeno

13-05-2008 - 22:20