ID CVE-2009-0087
Summary Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:itanium:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:itanium:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-06-30T04:11:06.178-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Brendan Miles
    organization The MITRE Corporation
  • name J. Daniel Brown
    organization DTCC
  • name Josh Turpin
    organization Symantec Corporation
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Word 2000 is installed
    oval oval:org.mitre.oval:def:455
  • comment Microsoft Word 2002 is installed
    oval oval:org.mitre.oval:def:973
description Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5799
status accepted
submitted 2009-04-14T16:00:00
title WordPad and Office Text Converter Memory Corruption Vulnerability
version 28
refmap via4
cert TA09-104A
ms MS09-010
osvdb 53662
sectrack 1022043
vupen ADV-2009-1024
Last major update 30-10-2018 - 16:25
Published 15-04-2009 - 08:00
Back to Top