CVE-2009-2502
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-10-21 16:34
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898
Impacted products
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          },
          {
            "name": "oval:org.mitre.oval:def:5898",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2009-2502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-11T16:41:52.863250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:34:33.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        },
        {
          "name": "oval:org.mitre.oval:def:5898",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            },
            {
              "name": "oval:org.mitre.oval:def:5898",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2502",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-10-21T16:34:33.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2502\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-10-14T10:30:01.390\",\"lastModified\":\"2024-10-21T17:35:04.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \\\"GDI+ TIFF Buffer Overflow Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF manipulado, tambi\u00e9n conocido como \\\"Vulnerabilidad de desbordamiento de b\u00fafer GDI+ TIFF\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"F7EFB032-47F4-4497-B16B-CB9126EAC9DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"6881476D-81A2-4DFD-AC77-82A8D08A0568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7F6EA111-A4E6-4963-A0C8-F9336C605B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"9CFB1A97-8042-4497-A45D-C014B5E240AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C7616-658D-409D-8B53-AC00DC55602A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF6AE15-EAC3-4100-A742-211026C79CCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F97EB992-2DC1-4E31-A298-072D8313130B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*\",\"matchCriteriaId\":\"86B3074F-1673-4439-8582-F2786D0ED54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*\",\"matchCriteriaId\":\"28A57C4D-A305-4FF4-B9AC-853CAF7E30AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*\",\"matchCriteriaId\":\"16FD5898-64D7-4F4F-A4C5-5E7BDF340E28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"26423C70-4475-4D7E-8CC0-D8CFADE16B26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"F7EF6C51-17EA-43E4-84BA-08CE705C2D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"7ADB520B-B847-4855-95B1-6CEA36D66C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B86335-EF14-4E4F-B192-2A5323A47D31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"AA80EDC4-4E84-40BE-86D5-1825AFA85390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*\",\"matchCriteriaId\":\"0F3BF09C-04D2-4367-BE58-72AD396B4110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"377777D4-0649-4732-9E38-E4074056C561\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDB0020C-A804-4003-B411-1AC7A6E7193E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE2F0B8B-0600-4324-93A9-07DBE97E1BB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2876FC23-21A0-4F56-B0D9-11187173F7D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6761A1C-EC1C-4B00-8126-D58DAB51267A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"08AF794A-435D-4171-9DBB-EB7FAED96DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34FA62BE-D804-402D-9BDD-68BC70ECCD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5C94F2C-786B-45E4-B80A-FC668D917014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B44889-AEEB-4713-A047-C27B802DB257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2613CE-C469-43AE-A590-87CE1FAADA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"828A3CB6-EB0A-4CCD-B786-7316564EE40A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F646992A-D3B7-4474-8E0B-65B99086D844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B39422-2E91-4F2C-8338-8A9292956260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9C3119-B118-41E2-9622-FD40C6CC4B6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B55849C3-649E-487B-B702-E2F4B25ECAB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E647A7B3-7A92-4584-BDA7-81752FF59411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B14AE8E-1BFF-4458-87CC-357957F18F8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1889A686-9565-4958-99BB-2EC24ABDF272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D7B01AE-F457-45C1-8A37-7ED65CAF8638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83EE0CCD-69AD-4705-9BB0-24688F7957F1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\\\+:*:*:*:*:*\",\"matchCriteriaId\":\"5E9AC6E2-D6C2-48E1-87C5-86470AC622DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*\",\"matchCriteriaId\":\"86B3074F-1673-4439-8582-F2786D0ED54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*\",\"matchCriteriaId\":\"28A57C4D-A305-4FF4-B9AC-853CAF7E30AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*\",\"matchCriteriaId\":\"16FD5898-64D7-4F4F-A4C5-5E7BDF340E28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED077FFC-EBCC-4CD9-BF0E-0286B99C1965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85959AEB-2FE5-4A25-B298-F8223CE260D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F40C30AF-7D70-4FE8-B7D1-F4734F791664\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"578221F3-4C20-4A3F-A286-5A4680E8785D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5DE8B76-FA09-4EA2-9535-758C56C4C099\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E711CC3-9094-4C54-A794-9C7A3E7F4AFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898\",\"source\":\"secure@microsoft.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.