TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
(MS08-044) Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
Vulnerability Identifier: CVE-2008-3019; CVE-2008-3018; CVE-2008-3021; CVE-2008-3020; CVE-2008-3460
Discovery Date: Aug 12, 2008
Risk: Critical
Affected Software:
  • Microsoft Office 2000 Service Pack 3
  • Microsoft Office 2003 Service Pack 2
  • Microsoft Office Converter Pack
  • Microsoft Office Project 2002 Service Pack 1
  • Microsoft Office XP Service Pack 3
  • Microsoft Works 8.0
Description:

This security update resolves vulnerabilities which could allow remote code execution if a user viewed a specially crafted image file using Microsoft Office. Users configured to have fewer administrative privileges could be less impacted than users who operate with full administrative user rights.


Patch Information:

Patches for this vulnerability can be downloaded on this Microsoft Web page.


Workaround Fixes:

To safeguard against this particular vulnerability, Microsoft recommends modifying the Access Control List to deny all users access to the EPSIMP32.FLT, PICTIM32.FLT, BMP32.FLT and WPGIMP32.FLT files. More details regarding these workarounds may be found on this Microsoft Web page.
 
Search for another Security Advisory
Keyword: