HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2008-37
Microsoft Project Memory Validation Vulnerability

Original Issue Date: April 10, 2008

Severity Rating: High

System Affected

  • Microsoft Project 2000 Service Release 1
  • Microsoft Project 2002 Service Pack 1
  • Microsoft Project 2003 Service Pack 2

Overview

A memory validation vulnerability has been reported in Microsoft Project which allows remote attackers to execute arbitrary code via a crafted Project file.

Description

Microsoft Project Memory Validation Vulnerability –
(CVE-2008-1088)

This vulnerability exists in the way Microsoft Project validates memory resource allocations while parsing project files.The attacker can create a specially crafted Project file that when loaded by the target user, will trigger a memory error and allows arbitrary code execution on the target system. The code will run with the privileges of the target user.

Workaround

  • Do not open or save Microsoft Office files that are received from untrusted sources or that received unexpectedly from trusted sources.

Solution

 Apply appropriate fix version as mentioned in Microsoft Security Bulletin
MS08-018


Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx

References

Security Tracker
http://securitytracker.com/alerts/2008/Apr/1019797.html

CVE Name
CVE-2008-1088

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003