Vulnerability Name: | CVE-2008-0119 (CCN-42102) |
Assigned: | 2008-05-13 |
Published: | 2008-05-13 |
Updated: | 2018-10-15 |
Summary: | Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
|
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Changed
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High |
|
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete |
|
Vulnerability Type: | CWE-94
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: BugTraq Mailing List, Tue May 13 2008 - 19:52:46 CDT Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability
Source: MITRE Type: CNA CVE-2008-0119
Source: CCN Type: HP Security Bulletin HPSBST02336 SSRT080071 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029
Source: HP Type: UNKNOWN SSRT080071
Source: CCN Type: SA30150 Microsoft Publisher Object Handler Validation Vulnerability
Source: SECUNIA Type: Vendor Advisory 30150
Source: CCN Type: SECTRACK ID: 1020015 Microsoft Publisher Bug in Processing Object Header Data Lets Remote Users Execute Arbitrary Code
Source: CCN Type: ASA-2008-211 MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Source: CCN Type: Microsoft Security Bulletin MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
Source: CCN Type: Microsoft Security Bulletin MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)
Source: CCN Type: Microsoft Security Bulletin MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
Source: CCN Type: Microsoft Security Bulletin MS12-057 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879)
Source: CCN Type: Microsoft Security Bulletin MS12-064 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
Source: CCN Type: Microsoft Security Bulletin MS12-065 Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670)
Source: CCN Type: Microsoft Security Bulletin MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
Source: CCN Type: Microsoft Security Bulletin MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
Source: CCN Type: Microsoft Security Bulletin MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
Source: CCN Type: Microsoft Security Bulletin MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
Source: CCN Type: Microsoft Security Bulletin MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
Source: CCN Type: Microsoft Security Bulletin MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
Source: CCN Type: Microsoft Security Bulletin MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
Source: CCN Type: Microsoft Security Bulletin MS14-034 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
Source: CCN Type: Microsoft Security Bulletin MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
Source: CCN Type: Microsoft Security Bulletin MS14-069 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710)
Source: CCN Type: Microsoft Security Bulletin MS14-081 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)
Source: CCN Type: Microsoft Security Bulletin MS14-083 Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347)
Source: CCN Type: Microsoft Security Bulletin MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
Source: CCN Type: Microsoft Security Bulletin MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
Source: CCN Type: Microsoft Security Bulletin MS15-110 Security Updates for Microsoft Office (3096440)
Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540)
Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111)
Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585)
Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226)
Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806)
Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775)
Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544)
Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610)
Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008)
Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451)
Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852)
Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063)
Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168)
Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068)
Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291)
Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075)
Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241)
Source: CCN Type: Microsoft Security Bulletin MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Source: CCN Type: Microsoft Security Bulletin MS09-030 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516)
Source: CCN Type: Microsoft Security Bulletin MS10-023 Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Source: CCN Type: Microsoft Security Bulletin MS10-036 Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235
Source: CCN Type: Microsoft Security Bulletin MS10-056 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
Source: CCN Type: Microsoft Security Bulletin MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
Source: CCN Type: Microsoft Security Bulletin MS10-079 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
Source: CCN Type: Microsoft Security Bulletin MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
Source: CCN Type: Microsoft Security Bulletin MS10-105 Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
Source: CCN Type: Microsoft Security Bulletin MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
Source: CCN Type: Microsoft Security Bulletin MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
Source: CCN Type: Microsoft Security Bulletin MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
Source: CCN Type: Microsoft Security Bulletin MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Source: BUGTRAQ Type: UNKNOWN 20080514 Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability
Source: BID Type: UNKNOWN 29158
Source: CCN Type: BID-29158 Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
Source: SECTRACK Type: UNKNOWN 1020015
Source: CERT Type: US Government Resource TA08-134A
Source: VUPEN Type: UNKNOWN ADV-2008-1505
Source: MS Type: UNKNOWN MS08-027
Source: XF Type: UNKNOWN publisher-object-handler-code-execution(42102)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5303
|
Vulnerable Configuration: | Configuration 1: cpe:/a:microsoft:office:2000:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:*OR cpe:/a:microsoft:office:2003:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:office:2007:*:*:*:*:*:*:*OR cpe:/a:microsoft:office:2007_sp1:*:*:*:*:*:*:*OR cpe:/a:microsoft:office:xp:sp3:*:*:*:*:*:* Configuration CCN 1: cpe:/a:microsoft:publisher:2007:*:*:*:*:*:*:*OR cpe:/a:microsoft:publisher:2002:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:publisher:2003:sp3:*:*:*:*:*:*OR cpe:/a:microsoft:publisher:2003:sp2:*:*:*:*:*:*OR cpe:/a:microsoft:publisher:2007:sp1:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |