CVE-2008-1455 - OpenCVE

A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Compatibility Pack Word Excel Powerpoint Office Office Powerpoint Viewer

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:::::::*
	cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1::::::
	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:2007:::::::*
	cpe:2.3:a:microsoft:office:2007:sp1::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://secunia.com/advisories/31453
http://www.securityfocus.com/bid/30579
http://www.securitytracker.com/id?1020676
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
http://www.vupen.com/english/advisories/2008/2355
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2008-08-13T00:00:00

Updated: 2024-08-07T08:24:42.129Z

Reserved: 2008-03-21T00:00:00

Link: CVE-2008-1455

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-08-13T00:41:00.000

Modified: 2018-10-30T16:26:20.590

Link: CVE-2008-1455

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "A \"memory calculation error\" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka \"Parsing Overflow Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "TA08-225A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"}, {"name": "HPSBST02360", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"name": "SSRT080117", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"name": "1020676", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020676"}, {"name": "ADV-2008-2355", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2355"}, {"name": "31453", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31453"}, {"name": "MS08-051", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051"}, {"name": "oval:org.mitre.oval:def:5555", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555"}, {"name": "30579", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30579"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-1455", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A \"memory calculation error\" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka \"Parsing Overflow Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA08-225A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"}, {"name": "HPSBST02360", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"name": "SSRT080117", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"name": "1020676", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020676"}, {"name": "ADV-2008-2355", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2355"}, {"name": "31453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31453"}, {"name": "MS08-051", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051"}, {"name": "oval:org.mitre.oval:def:5555", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555"}, {"name": "30579", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30579"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:24:42.129Z"}, "title": "CVE Program Container", "references": [{"name": "TA08-225A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"}, {"name": "HPSBST02360", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"name": "SSRT080117", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"name": "1020676", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020676"}, {"name": "ADV-2008-2355", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2355"}, {"name": "31453", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31453"}, {"name": "MS08-051", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051"}, {"name": "oval:org.mitre.oval:def:5555", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555"}, {"name": "30579", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30579"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-1455", "datePublished": "2008-08-13T00:00:00", "dateReserved": "2008-03-21T00:00:00", "dateUpdated": "2024-08-07T08:24:42.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:*:*:*:*:*:*:*", "matchCriteriaId": "AB5FE646-2516-4E38-BE3F-9F987CBBB70D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "7EB896B5-611E-4457-B438-C6CC937D63FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*", "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*", "matchCriteriaId": "A5440EF5-462B-4BAC-AF60-44C5D649D0D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A \"memory calculation error\" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka \"Parsing Overflow Vulnerability.\""}, {"lang": "es", "value": "Un error en el c\u00e1lculo de memoria en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, y 2007 incluyendo el SP1; y Compatibility Pack para Word, Excel, and PowerPoint 2007 incluyendo el SP1; y Office 2004 para Mac, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo PowerPoint con una lista de valores manipulados, lo que lanza una corrupci\u00f3n de memoria. Tambi\u00e9n conocida como \"Vulnerabilidad de desbordamiento en validaci\u00f3n\"."}], "id": "CVE-2008-1455", "lastModified": "2018-10-30T16:26:20.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-08-13T00:41:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31453"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/30579"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1020676"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/2355"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-051"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5555"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}