CVE-2008-3021

CVE Database · CVE-2008-3021

CVE-2008-3021

· N/AModified

CVSS v3.1

N/A

EPSS

35.91%

Published

Aug 12, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.

Weaknesses (CWE)

CWE-399

Affected Products (5)

microsoft · officevulnerable

microsoft · office_converter_packvulnerable

microsoft · worksvulnerable

References (20)

http://marc.info/?l=bugtraq&m=121915960406986&w=2

http://secunia.com/advisories/31336

PatchVendor Advisory

http://www.securityfocus.com/archive/1/495429/100/0/threaded

http://www.securityfocus.com/bid/30598