Oval Definition:oval:org.mitre.oval:def:5737
Revision Date:2014-06-30Version:20
Title:Word RTF Object Parsing Vulnerability
Description:Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-4030
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Office Compatibility Pack
Microsoft Office Word Viewer 2003
Microsoft Outlook 2007
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007
Definition Synopsis
  • Word 2000
  • Microsoft Word 2000 is installed
  • AND the version of Winword.exe is less than 9.0.0.8974
  • OR Word 2002
  • Microsoft Word 2002 is installed
  • AND the version of Winword.exe is less than 10.0.6850.0
  • OR Word 2003
  • Microsoft Word 2003 is installed
  • AND the version of Winword.exe is less than 11.0.8237.0
  • OR Word Viewer 2003
  • Microsoft Word Viewer is installed
  • AND the version of Wordview.exe is less than 11.0.8241.0
  • OR Word 2007
  • Microsoft Word 2007 is installed
  • AND the version of Winword.exe is less than 12.0.6331.5000
  • OR Office Compatibility Pack 2007
  • Microsoft Office Compatibility Pack is installed
  • AND the version of Wordconv.exe is less than 12.0.6300.5000
  • OR Outlook 2007
  • Microsoft Outlook 2007 is installed
  • AND the version of Winword.exe is less than 12.0.6331.5000
    • BACK