CVE-2008-1434

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
54.9%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: May 13, 2008 (6574 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.

CWE

CWE-399

Affected Products

microsoft officemicrosoft office compatibility pack for word excel ppt 2007microsoft word viewer

References

🔗 labs.idefense.com 🔗 marc.info 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com