Windows : Microsoft Bulletins : Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900029
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
Summary:	This host is missing critical security update according to; Microsoft Bulletin MS08-044.
Description:	Summary: This host is missing critical security update according to Microsoft Bulletin MS08-044. Vulnerability Insight: Multiple flaws due to memory corruption errors when processing specially crafted Encapsulated PostScript (EPS) files, and PICT, BMP, or WordPerfect Graphics (WPG) images. Vulnerability Impact: Remote exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious office file, and also can crash an affected application. Affected Software/OS: - Microsoft Office 2k SP3 - Microsoft Office XP Service Pack 3 - Microsoft Office 2003 Service Pack 2 - Microsoft Office Project 2002 Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3018 BugTraq ID: 30597 http://www.securityfocus.com/bid/30597 Cert/CC Advisory: TA08-225A http://www.us-cert.gov/cas/techalerts/TA08-225A.html HPdes Security Advisory: HPSBST02360 http://marc.info/?l=bugtraq&m=121915960406986&w=2 HPdes Security Advisory: SSRT080117 Microsoft Security Bulletin: MS08-044 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5879 http://www.securitytracker.com/id?1020673 http://secunia.com/advisories/31336 http://www.vupen.com/english/advisories/2008/2348 Common Vulnerability Exposure (CVE) ID: CVE-2008-3019 BugTraq ID: 30595 http://www.securityfocus.com/bid/30595 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6122 Common Vulnerability Exposure (CVE) ID: CVE-2008-3020 BugTraq ID: 30599 http://www.securityfocus.com/bid/30599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5868 Common Vulnerability Exposure (CVE) ID: CVE-2008-3021 BugTraq ID: 30598 http://www.securityfocus.com/bid/30598 Bugtraq: 20080812 ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption (Google Search) http://www.securityfocus.com/archive/1/495429/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-049/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5997 Common Vulnerability Exposure (CVE) ID: CVE-2008-3460 BugTraq ID: 30600 http://www.securityfocus.com/bid/30600 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=737 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6019
Copyright	Copyright (C) 2008 Greenbone AG