First published: Tue May 13 2008
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2000-sp3 | |
Microsoft Office | =2003-sp2 | |
Microsoft Office | =2003-sp3 | |
Microsoft Office | =2004 | |
Microsoft Office | =2007 | |
Microsoft Office | =2007_sp1 | |
Microsoft Office | =2008 | |
Microsoft Office | =xp-sp3 | |
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint | | |
Microsoft Office Word Viewer | =2003 | |
CVE-2008-1434 is considered critical due to the potential for remote code execution.
To mitigate CVE-2008-1434, it is recommended to update Microsoft Office to a version that is no longer affected.
CVE-2008-1434 affects Microsoft Office 2000, XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier.
Yes, CVE-2008-1434 can be exploited through malicious HTML documents sent as email attachments.
Exploiting CVE-2008-1434 can allow attackers to execute arbitrary code on an affected system.