CVE-2008-4024

CVE Database · CVE-2008-4024

CVE-2008-4024

· N/AModified

CVSS v3.1

N/A

EPSS

28.88%

Published

Dec 10, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."

Weaknesses (CWE)

CWE-94

Affected Products (19)

microsoft · officevulnerable

microsoft · office_compatibility_pack_for_word_excel_ppt_2007vulnerable

microsoft · office_word_viewervulnerable

microsoft · open_xml_file_format_convertervulnerable

microsoft · worksvulnerable

microsoft · office_outlookvulnerable

microsoft · office_outlook

References (16)

http://www.coresecurity.com/content/word-arbitrary-free