VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 10, 2008· Updated Apr 23, 2026

CVE-2008-4025

CVE-2008-4025

Description

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability."

Affected products

14
  • Microsoft/Office2 versions
    cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
  • Microsoft/Office Compatibility Pack For Word Excel Ppt 20072 versions
    cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:sp1:*:*:*:*:*:*
  • Microsoft/Office Outlook2 versions
    cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:office_outlook:2007:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_outlook:2007:sp1:*:*:*:*:*:*
  • Microsoft/Office Word4 versions
    cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_word:2007:*:*:*:*:*:*:*
  • Microsoft/Office Word Viewer2 versions
    cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:office_word_viewer:2003:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
  • Microsoft/Open Xml File Format Converter
    cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
  • Microsoft/Works
    cpe:2.3:a:microsoft:works:8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.