CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4027

Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.625

EPSS Ranking 98.2%

CVSS Severity

CVSS v2 Score 9.3

References

Products affected by CVE-2008-4027

Microsoft » Office » Version: 2000

cpe:2.3:a:microsoft:office:2000
Microsoft » Office » Version: 2003

cpe:2.3:a:microsoft:office:2003
Microsoft » Office » Version: 2004

cpe:2.3:a:microsoft:office:2004
Microsoft » Office » Version: 2008

cpe:2.3:a:microsoft:office:2008
Microsoft » Office » Version: xp

cpe:2.3:a:microsoft:office:xp
Microsoft » Office Compatibility Pack For Word Excel Ppt 2007 » Version: Any

cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*
Microsoft » Office Outlook » Version: 2007

cpe:2.3:a:microsoft:office_outlook:2007
Microsoft » Office Word » Version: 2000

cpe:2.3:a:microsoft:office_word:2000
Microsoft » Office Word » Version: 2002

cpe:2.3:a:microsoft:office_word:2002
Microsoft » Office Word » Version: 2003

cpe:2.3:a:microsoft:office_word:2003
Microsoft » Office Word » Version: 2007

cpe:2.3:a:microsoft:office_word:2007
Microsoft » Office Word Viewer » Version: 2003

cpe:2.3:a:microsoft:office_word_viewer:2003
Microsoft » Open Xml File Format Converter » Version: N/A

cpe:2.3:a:microsoft:open_xml_file_format_converter:-
Microsoft » Works » Version: 8.0

cpe:2.3:a:microsoft:works:8.0
Microsoft » Office System » Version: Any

cpe:2.3:o:microsoft:office_system:*
Microsoft » Office System » Version: sp1

cpe:2.3:o:microsoft:office_system:sp1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4027

Products

Pricing

Contact Us