<< Back
CVE Number Vulnerability Product Severity Date
MS08-017 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) Microsoft Office Critical 12-03-2008

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in the way Microsoft Office Web Components manages memory resources when parsing specially crafted URLs.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.Further information on this exploit is available at : MS08-017

Affected Software

Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Visual Studio .NET 2002 Service Pack 1
Visual Studio .NET 2003 Service Pack 1
Microsoft BizTalk Server 2000
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2000
Internet Security and Acceleration Server 2000 Service Pack 2