← Back

CVE-2008-1434

nvd nist
Published: May 13, 2008Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

Affected (12)

Microsoft
3 products
Office
Office Compatibility Pack For Word Excel Ppt 2007
Word Viewer
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Office
Version 2000 sp3
Office
Version 2003 sp2
Office
Version 2003 sp3
Office
Version 2004
Office
Version 2007
Office
Version 2007_sp1
Office
Version 2008
Office
Version xp sp3
Microsoft
Office Compatibility Pack For Word Excel Ppt 2007
All versions
Office Compatibility Pack For Word Excel Ppt 2007
All versions
Microsoft
Word Viewer
Version 2003
Word Viewer
Version 2003

Related CWEs

CWE-399
CWE-399

References (18)

Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Patch
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.