| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS08-017 | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) | Microsoft Office | Critical | 12-03-2008 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the way Microsoft Office Web Components manages memory resources when parsing specially crafted URLs.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.Further information on this exploit is available at : MS08-017
Affected Software
Microsoft Office 2000 Service Pack 3Microsoft Office XP Service Pack 3
Visual Studio .NET 2002 Service Pack 1
Visual Studio .NET 2003 Service Pack 1
Microsoft BizTalk Server 2000
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2000
Internet Security and Acceleration Server 2000 Service Pack 2