{"vuid":"VU#692417","idnumber":"692417","name":"Microsoft Word code execution vulnerability","keywords":["Microsoft","Word","remote code execution","crafted Word file","ms08-feb"],"overview":"Microsoft Word contains a vulnerability that may allow an attacker to execute arbitrary code.","clean_desc":"Per Microsoft Security Bulletin MS08-009: A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.","impact":"A remote attacker may be able to execute arbitrary code.","resolution":"Microsoft has released Security Bulletin MS08-009 to address this issue.","workarounds":"","sysaffected":"","thanks":"Microsoft credits Rubén Santamarta of Reversemode.com for reporting this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","8","-","0","0","9",".","m","s","p","x"],"cveids":["CVE-2008-0109"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-02-12T19:26:28Z","publicdate":"2008-02-12T00:00:00Z","datefirstpublished":"2008-02-12T20:58:19Z","dateupdated":"2008-02-12T21:01:13Z","revision":7,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"19","cam_impact":"10","cam_easeofexploitation":"15","cam_attackeraccessrequired":"19","cam_scorecurrent":"22.336875","cam_scorecurrentwidelyknown":"24.3675","cam_scorecurrentwidelyknownexploited":"44.67375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":22.336875,"vulnote":null}