CVE-2009-0563 - OpenCVE

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Office Compatibility Pack Office Word Viewer Open Xml File Format Converter

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2004:::::macos::
	cpe:2.3:a:microsoft:office:2007:sp1::::::
	cpe:2.3:a:microsoft:office:2007:sp2::::::
	cpe:2.3:a:microsoft:office:2008:::::macos::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1::::::
	cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2::::::
	cpe:2.3:a:microsoft:office_word_viewer:-:::::::*
	cpe:2.3:a:microsoft:office_word_viewer:2003:sp3::::::
	cpe:2.3:a:microsoft:open_xml_file_format_converter:-:::::macos::

No data.

References

Link	Providers
http://osvdb.org/54959
http://www.securityfocus.com/archive/1/504204/100/0/threaded
http://www.securityfocus.com/bid/35188
http://www.securitytracker.com/id?1022356
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.vupen.com/english/advisories/2009/1546
http://www.zerodayinitiative.com/advisories/ZDI-09-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2009-06-10T17:37:00

Updated: 2024-08-07T04:40:05.118Z

Reserved: 2009-02-12T00:00:00

Link: CVE-2009-0563

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-06-10T18:00:00.313

Modified: 2024-06-28T14:15:58.267

Link: CVE-2009-0563

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object