Release DateDec 12, 2008 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a remote code-execution vulnerability in Microsoft Office products.This vulnerability is caused by the application's failure to examine invalid Object Records before processing them. A remote attacker may exploit this to execute arbitrary code. |
Affected ProductsMicrosoft Office 2000 Service Pack 3Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 2007 Microsoft Office System and its Service Pack 1 Microsoft Office Excel Viewer 2003 and its Service Pack 3 Microsoft Office Excel Viewer Microsoft Office for Mac Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Open XML File Format Converter for Mac |
Recommended ActionsApply the patch, available at the following website:http://www.microsoft.com/technet/security/Bulletin/ms08-074.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-cve-2008-4264 |
Reference/shttp://www.securityfocus.com/bid/32621 (BugTraq)http://technet.microsoft.com/en-us/security/bulletin/ms08-074.mspx (MS-ID) |
