certfr_avis - certa-2009-avi-495

CERTA-2009-AVI-495

Vulnerability from certfr_avis

Une vulnérabilité dans Microsoft Office Word permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type corruption de mémoire dans Microsoft Offfice Word permet à une personne malintentionnée d'exécuter du code arbitraire en incitant une victime à ouvrir un document Word spécialement conçu.

Solution

Se référer au bulletin de sécurité Microsoft MS09-068 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Word Viewer 2003 Service Pack 3 ;
Microsoft	Office	Convertisseur de formats de fichier Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	Office	Microsoft Office Word Viewer.
Microsoft	Office	Microsoft Office Word 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;
Microsoft	Office	Microsoft Word 2002 (Office XP) Service Pack 3 ;

References

Title

Publication Time

CVE-2009-3135 (GCVE-0-2009-3135)

Vulnerability from cvelistv5

Published

2009-11-11 19:00

Modified

2024-08-07 06:14

Severity ?

CWE

Summary

Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/3194	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/36950	vdb-entry, x_refsource_BID
	http://osvdb.org/59857	vdb-entry, x_refsource_OSVDB
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-068	vendor-advisory, x_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA09-314A.html	third-party-advisory, x_refsource_CERT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6555	vdb-entry, signature, x_refsource_OVAL
	http://www.securitytracker.com/id?1023158	vdb-entry, x_refsource_SECTRACK
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831	third-party-advisory, x_refsource_IDEFENSE
	http://secunia.com/advisories/37277	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-3194",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3194"
          },
          {
            "name": "36950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36950"
          },
          {
            "name": "59857",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/59857"
          },
          {
            "name": "MS09-068",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-068"
          },
          {
            "name": "TA09-314A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6555",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6555"
          },
          {
            "name": "1023158",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023158"
          },
          {
            "name": "20091110 Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831"
          },
          {
            "name": "37277",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37277"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka \"Microsoft Office Word File Information Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-3194",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3194"
        },
        {
          "name": "36950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36950"
        },
        {
          "name": "59857",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/59857"
        },
        {
          "name": "MS09-068",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-068"
        },
        {
          "name": "TA09-314A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6555",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6555"
        },
        {
          "name": "1023158",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023158"
        },
        {
          "name": "20091110 Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831"
        },
        {
          "name": "37277",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37277"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-3135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka \"Microsoft Office Word File Information Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-3194",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3194"
            },
            {
              "name": "36950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36950"
            },
            {
              "name": "59857",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/59857"
            },
            {
              "name": "MS09-068",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-068"
            },
            {
              "name": "TA09-314A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6555",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6555"
            },
            {
              "name": "1023158",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023158"
            },
            {
              "name": "20091110 Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831"
            },
            {
              "name": "37277",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37277"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-3135",
    "datePublished": "2009-11-11T19:00:00",
    "dateReserved": "2009-09-10T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted