CVE-2009-0088

The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/53663
http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
http://www.securitytracker.com/id?1022043
http://www.vupen.com/english/advisories/2009/1024
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:microsoft:office_converter_pack:2003:::::::*
	cpe:2.3:a:microsoft:office_word:2000:sp3::::::
	cpe:2.3:a:microsoft:office_word:2002:sp3::::::

OR	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2003::::::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:pro_x64:::::
	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp1:itanium:::::
	cpe:2.3:o:microsoft:windows_xp:::pro_x64:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp1::::::*

Information

Published : 2009-04-15 01:00

Updated : 2019-02-26 06:04

NVD link : CVE-2009-0088

Mitre link : CVE-2009-0088

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

microsoft

office_converter_pack
office_word
windows_xp
windows_server_2003
windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://osvdb.org/53663", "name": "53663", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html", "name": "TA09-104A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.securitytracker.com/id?1022043", "name": "1022043", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2009/1024", "name": "ADV-2009-1024", "tags": [], "refsource": "VUPEN"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782", "name": "20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736", "name": "oval:org.mitre.oval:def:5736", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010", "name": "MS09-010", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0088", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-04-15T08:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:office_converter_pack:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-02-26T14:04Z"}