Stack-based buffer overflow in Microsoft Word and Microsoft Office - CVE-2009-0088
Published: December 13, 2016 / Updated: March 16, 2017
Vulnerability identifier: #VU1277
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2009-0088
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Word
Microsoft Office
Microsoft Word
Microsoft Office
Detailed vulnerability description
The vulnerability alows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack overflow when parsing a malformed WordPerfect document. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to stack overflow when parsing a malformed WordPerfect document. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2009-0088
Install update from vendor's website:
Microsoft Office Word 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415
Microsoft Office Word 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415