CVE-2009-0088

HIGH

Description

The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782

http://osvdb.org/53663

http://www.securitytracker.com/id?1022043

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

http://www.vupen.com/english/advisories/2009/1024

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736

Details

Source: MITRE

Published: 2009-04-15

Updated: 2019-02-26

Type: CWE-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

ID: 36148

Name: MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)

Product: Nessus

Family: Windows : Microsoft Bulletins

Severity: high