CVE-2008-1091

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
64.1%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: May 13, 2008 (6574 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

CWE

CWE-94

Affected Products

microsoft officemicrosoft office compatibility pack for word excel ppt 2007microsoft word viewer

References

🔗 marc.info 🔗 secunia.com 🔗 www.kb.cert.org 🔗 www.securityfocus.com 🔗 www.securityfocus.com