CVE-2008-3021

Related Files

HP Security Bulletin 2008-01.17

Posted Aug 20, 2008

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability

advisories | CVE-2008-2463, CVE-2008-2244, CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259, CVE-2008-2245

SHA-256 | 2e4ffbf4438b0b0f934a05ed61e235bf9fb4fcd4accbe0150cd3979ef9ea1104

Download | Favorite | View

Zero Day Initiative Advisory 08-049

Posted Aug 13, 2008

Authored by Tipping Point | Site zerodayinitiative.com

A potential vulnerability exists in the Microsoft Office Suite. The issue is a result of insufficient bounds checking on the content of PICT files embedded into documents. Successful exploitation of this issue enables an attacker to remotely execute arbitrary code on a target system. User interaction would be required, as an attacker would have to convince the target user to open a malformed file. One of the filter DLLs for processing image files in Microsoft Office suffers from a potentially-exploitable memory corruption condition when processing .PICT images. An invalid value in the bits_per_pixel field (offset 0x257) causes heap corruption. Different values of this field result in distinctly different types of corruption. Internally, the issue was only reproducible when the malformed image was directly inserted into an Office document by the target user.

tags | advisory, arbitrary

advisories | CVE-2008-3021

SHA-256 | 974bb98ba30588b96b6efd403c5cc2af6d08b2085fb3458ddc726a0dd5907f16

Download | Favorite | View