Vulnerability Note VU#543907
Microsoft Office fails to properly handle specially crafted Rich Text Format files
A vulnerability in the way Microsoft Office handles Rich Text Format files may lead to execution of arbitrary code.
Microsoft Office contains a vulnerability that could be exploited when parsing malformed strings contained in specially crafted Rich Text Format (.rtf) files. According to Microsoft Security Bulletin ms08-026:
The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the affected user or cause a denial-of-service condition.
Do not open untrusted Microsoft Office documents
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||13 May 2008|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin ms08-026. Microsoft credits wushi of team509, working with Zero Day Initiative, for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-1091
- Date Public: 13 May 2008
- Date First Published: 13 May 2008
- Date Last Updated: 13 May 2008
- Severity Metric: 25.25
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.