CVE-2008-4030 (CNNVD-200812-134)
中文标题:
Microsoft Word Word RTF 对象解析漏洞
英文标题:
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1...
漏洞描述
中文描述:
Word是微软Office套件中的文件处理工具。 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, 和 2007 Gold 和 SP1; Outlook 2007 Gold 和 SP1; Word Viewer 2003 Gold 和 SP3; 和 Office Compatibility Pack for Word, Excel, 和 PowerPoint 2007 File Formats Gold 和 SP1,允许远程攻击者通过特制的在 (1) 一个 RTF 文件中或(2) 一个多格式文本 e-mail 消息中的控制命令来触发不正确的内存分配和内存破坏,从而执行任意的代码。此漏洞又名"Word RTF 对象解析漏洞",与CVE-2008-4028不同。
英文描述:
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| microsoft | office | 2004 | - | - |
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
|
| microsoft | office | 2008 | - | - |
cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
|
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | - | - |
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
|
| microsoft | office_word_viewer | 2003 | - | - |
cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
|
| microsoft | open_xml_file_format_converter | * | - | - |
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
|
| microsoft | works | 8.0 | - | - |
cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*
|
| microsoft | office_outlook | 2007 | - | - |
cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
|
| microsoft | office_word | 2000 | - | - |
cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
|
| microsoft | office_word | 2002 | - | - |
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
|
| microsoft | office_word | 2003 | - | - |
cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
|
| microsoft | office_word | 2007 | - | - |
cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:M/Au:N/C:C/I:C/A:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2008-4030 |
2025-11-11 15:18:03 | 2025-11-11 07:32:54 |
| NVD | nvd_CVE-2008-4030 |
2025-11-11 14:52:36 | 2025-11-11 07:41:41 |
| CNNVD | cnnvd_CNNVD-200812-134 |
2025-11-11 15:09:03 | 2025-11-11 07:49:31 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 资源管理错误
- cnnvd_id: 未提取 -> CNNVD-200812-134
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.3
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 11
- data_sources: ['cve'] -> ['cve', 'nvd']