CVE-2008-3018

CVE Database · CVE-2008-3018

CVE-2008-3018

· N/AModified

CVSS v3.1

N/A

EPSS

30.31%

Published

Aug 12, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.

Weaknesses (CWE)

CWE-94

Affected Products (4)

microsoft · windows_nt

microsoft · officevulnerable

microsoft · office_converter_packvulnerable

microsoft · worksvulnerable

References (16)

http://marc.info/?l=bugtraq&m=121915960406986&w=2

http://secunia.com/advisories/31336

Vendor Advisory

http://www.securityfocus.com/bid/30597