Unrated severityNVD Advisory· Published Mar 25, 2008· Updated Apr 23, 2026

CVE-2008-1092

Description

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.

Affected products

Microsoft/Word6 versions
cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2002:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2003:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2003_sp3:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2007:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2007_sp1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/936529nvdUS Government Resource
marc.infonvd
www.microsoft.com/technet/security/advisory/950627.mspxnvd
www.securitytracker.com/idnvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028nvd
exchange.xforce.ibmcloud.com/vulnerabilities/41380nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.049
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000