Vulnerability CVE-2009-0088
Published: 2009-04-15   Modified: 2012-02-13

Description:
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Office converter pack 
Microsoft -> Office word 
Microsoft -> Windows 2000 
Microsoft -> Windows server 2003 
Microsoft -> Windows xp 

 References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
http://www.securitytracker.com/id?1022043
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://www.vupen.com/english/advisories/2009/1024
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736
Copyright 2024, cxsecurity.com

 

Back to Top