ID CVE-2009-0087
Summary Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_word:2000:sp3
    cpe:2.3:a:microsoft:office_word:2000:sp3
  • cpe:2.3:a:microsoft:office_word:2002:sp3
    cpe:2.3:a:microsoft:office_word:2002:sp3
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • cpe:2.3:o:microsoft:windows_2003_server:-::-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_2003_server:-::-:-:-:-:x64
  • Microsoft Windows 2003 Server Service Pack 1
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp1:-:-:-:-:itanium
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1:-:-:-:-:itanium
  • Microsoft Windows 2003 Server Service Pack 2
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:-:-:-:-:itanium
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:-:-:-:-:itanium
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:-:-:-:-:x64
  • cpe:2.3:o:microsoft:windows_xp:-::-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_xp:-::-:-:-:-:x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:-:-:-:-:x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 9.3 (as of 14-07-2015 - 14:08)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS09-010
bulletin_url
date 2009-04-14T00:00:00
impact Remote Code Execution
knowledgebase_id 960477
knowledgebase_url
severity Critical
title Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS09-010.NASL
description The remote host contains a version of the Microsoft WordPad and/or Microsoft Office text converters that could allow remote code execution if a specially crafted file is opened.
last seen 2019-02-21
modified 2018-11-15
plugin id 36148
published 2009-04-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=36148
title MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
oval via4
accepted 2014-06-30T04:11:06.178-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Brendan Miles
    organization The MITRE Corporation
  • name J. Daniel Brown
    organization DTCC
  • name Josh Turpin
    organization Symantec Corporation
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
    oval oval:org.mitre.oval:def:720
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Word 2000 is installed
    oval oval:org.mitre.oval:def:455
  • comment Microsoft Word 2002 is installed
    oval oval:org.mitre.oval:def:973
description Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5799
status accepted
submitted 2009-04-14T16:00:00
title WordPad and Office Text Converter Memory Corruption Vulnerability
version 28
refmap via4
cert TA09-104A
ms MS09-010
osvdb 53662
sectrack 1022043
vupen ADV-2009-1024
Last major update 14-07-2015 - 14:09
Published 15-04-2009 - 04:00
Last modified 30-10-2018 - 12:25
Back to Top