FKIE_CVE-2009-2506

Vulnerability from fkie_nvd - Published: 2009-12-09 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
References
secure@microsoft.comhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834
secure@microsoft.comhttp://support.avaya.com/css/P8/documents/100070184
secure@microsoft.comhttp://www.securityfocus.com/bid/37216
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-342A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100070184
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37216
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846
Impacted products
Vendor Product Version
microsoft windows_2000 *
microsoft windows_server_2003 *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft office_converter_pack *
microsoft office_word 2002
microsoft office_word 2003
microsoft wordpad *
microsoft works 8.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_converter_pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6C8409-397E-40DF-A645-6409189D450D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CDA5243A-BA58-41BC-8FFC-317239E511C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:wordpad:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2531DDF2-D2AA-4919-B756-28478AEA5AA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en los convertidores de texto en Microsoft Office Word 2002 SP3 y 2003 SP3; Works versi\u00f3n 8.5; Office Converter Pack; y WordPad en Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo DOC con un n\u00famero no v\u00e1lido de nombre de propiedad en la transmisi\u00f3n DocumentSummaryInformation, lo que desencadena un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria."
    }
  ],
  "id": "CVE-2009-2506",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-09T18:30:00.313",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.avaya.com/css/P8/documents/100070184"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/37216"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100070184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.