{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Office XP Service Pack 3 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office 2003 Service Pack 2 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Works 8.","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office 2000 Service Pack 3 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Office Project 2002 Service Pack 1 ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}},{"description":"Pack de conversion Microsoft Office ;","product":{"name":"Office","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans certains filtres Microsoft\nOffice\u00a0:\n\n-   Office ne manipule pas correctement certains fichiers au format EPS\n    ;\n-   Office ne manipule pas correctement certains fichiers au format PICT\n    ayant une valeur incorrecte dans le champ bits_per_pixel ;\n-   Office ne manipule pas correctement certains fichiers au format BMP\n    (filtre BMPIMP32.FLT) ;\n-   Office ne manipule pas correctement certains fichiers au format WPG\n    (WordPerfect Graphics), en particulier via le filtre WPGIMP32.FLT.\n\nL'exploitation de ces vuln\u00e9rabilit\u00e9s peut entra\u00eener l'ex\u00e9cution de code\narbitraire \u00e0 distance suite \u00e0 une corruption de m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-044 de Microsoft pour\nl'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-3018","url":"https://www.cve.org/CVERecord?id=CVE-2008-3018"},{"name":"CVE-2008-3020","url":"https://www.cve.org/CVERecord?id=CVE-2008-3020"},{"name":"CVE-2008-3460","url":"https://www.cve.org/CVERecord?id=CVE-2008-3460"},{"name":"CVE-2008-3019","url":"https://www.cve.org/CVERecord?id=CVE-2008-3019"},{"name":"CVE-2008-3021","url":"https://www.cve.org/CVERecord?id=CVE-2008-3021"}],"links":[{"title":"Avis de s\u00e9curit\u00e9 iDefense du 12 ao\u00fbt 2008 :","url":"http://labs.idefense.com/intelligence/vulnerabilities/"},{"title":"Avis de s\u00e9curit\u00e9 TippingPoint ZDI-08-049 du 12 ao\u00fbt 2008 :","url":"http://www.zerodayinitiative.com/advisories/ZDI-08-049"}],"reference":"CERTA-2008-AVI-405","revisions":[{"description":"version initiale.","revision_date":"2008-08-13T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans certains filtres Microsoft\nOffice. L'exploitation de ces derni\u00e8res peut conduire \u00e0 l'ex\u00e9cution de\ncode arbitraire \u00e0 distance par le biais de documents sp\u00e9cialement\nconstruits.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans des filtres Microsoft Office","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS08-044 du 12 ao\u00fbt 2008","url":"http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx"}]}