9.3

CVE-2009-0563

Warnung
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2003 Updatesp3
MicrosoftOffice Version2004 SwPlatformmacos
MicrosoftOffice Version2007 Updatesp1
MicrosoftOffice Version2007 Updatesp2
MicrosoftOffice Version2008 SwPlatformmacos
MicrosoftOffice Versionxp Updatesp3
MicrosoftOffice Compatibility Pack Version2007 Updatesp1
MicrosoftOffice Compatibility Pack Version2007 Updatesp2
MicrosoftOffice Word Viewer Version2003 Updatesp3
MicrosoftOpen Xml File Format Converter Version- SwPlatformmacos

08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Buffer Overflow Vulnerability

Schwachstelle

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 63.08% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Third Party Advisory
US Government Resource
Broken Link
http://osvdb.org/54959
Broken Link
http://www.securityfocus.com/archive/1/504204/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/35188
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1022356
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/1546
Broken Link
http://www.zerodayinitiative.com/advisories/ZDI-09-035
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6133
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0563
US Government Resource