ID CVE-2009-0102
Summary Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office_project:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office_project:2007:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project_portfolio_server:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project_portfolio_server:2007:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project_server:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project_server:2007:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:project_server:2007:sp2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:49)
CWE CWE-399
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS09-074
date 2009-12-08T00:00:00
impact Remote Code Execution
knowledgebase_id 967183
severity Critical
title Vulnerability in Microsoft Office Project Could Allow Remote Code Execution
oval via4
accepted 2012-05-28T04:02:05.809-04:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Mike Lah
    organization The MITRE Corporation
  • name Rachana Shetty
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Project 2000 SR1 is installed
    oval oval:org.mitre.oval:def:518
  • comment Microsoft Project 2002 SP1 is installed
    oval oval:org.mitre.oval:def:707
  • comment Microsoft Project 2003 SP3 is installed
    oval oval:org.mitre.oval:def:5755
description Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
family windows
id oval:org.mitre.oval:def:6298
status accepted
submitted 2009-12-09T17:00:00
title Project Memory Validation Vulnerability
version 8
refmap via4
cert TA09-342A
Last major update 12-10-2018 - 21:49
Published 09-12-2009 - 18:30
Last modified 12-10-2018 - 21:49