CERTA-2009-AVI-222
Vulnerability from certfr_avis

Une vulnérabilité de Microsoft Office Word permet à un individu distant d'exécuter du code arbitraire.

Description

Une vulnérabilité de Microsoft Office Word permet à un individu distant d'exécuter du code arbitraire par le biais d'un fichier au format Word spécialement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Microsoft Office Office Compatibility Pack pour Word 2007 Sercice Pack 1 et 2.
Microsoft Office Office Word Viewer ;
Microsoft Office Office XP Service Pack 3 ;
Microsoft Office Office 2003 Service Pack 3 ;
Microsoft Office Office Word Viewer 2003 Service Pack 3 ;
Microsoft Office Office 2007 Service Pack 1 et 2 ;
Microsoft Office Convertisseur de fichier au format XML pour Mac ;
Microsoft Office Office 2004 et 2008 pour Mac ;
Microsoft Office Office 2000 Service Pack 3 ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Office Compatibility Pack pour Word 2007 Sercice Pack 1 et 2.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Word Viewer ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Word Viewer 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2007 Service Pack 1 et 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de fichier au format XML pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2004 et 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de Microsoft Office Word permet \u00e0 un individu distant\nd\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un fichier au format Word\nsp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0563"
    },
    {
      "name": "CVE-2009-0565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0565"
    }
  ],
  "initial_release_date": "2009-06-10T00:00:00",
  "last_revision_date": "2009-06-10T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-222",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de \u003cspan class=\"textit\"\u003eMicrosoft Office Word\u003c/span\u003e\npermet \u00e0 un individu distant d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-027 du 09 juin 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-027.mspx"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.