CVE-2009-0088: Input Validation
First published: Wed Apr 15 2009(Updated: )
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Converter Pack | =2003 | |
| Microsoft Office Word | =2000-sp3 | |
| Microsoft Office Word | =2002-sp3 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/53663
- http://www.us-cert.gov/cas/techalerts/TA09-104A.html
- http://www.securitytracker.com/id?1022043
- http://www.vupen.com/english/advisories/2009/1024
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010
Frequently Asked Questions
What is the severity of CVE-2009-0088?
CVE-2009-0088 has a critical severity rating due to its potential to allow remote code execution.
How do I fix CVE-2009-0088?
To fix CVE-2009-0088, users should ensure that their Microsoft Office software is updated to the latest service pack.
What software is affected by CVE-2009-0088?
CVE-2009-0088 affects Microsoft Office Word 2000 SP3, Microsoft Office Converter Pack 2003, and several versions of Windows including Windows XP and Windows Server 2003.
Can CVE-2009-0088 be exploited remotely?
Yes, CVE-2009-0088 can be exploited remotely through specially crafted WordPerfect 6.x files.
What types of attacks can CVE-2009-0088 enable?
CVE-2009-0088 can enable attackers to execute arbitrary code on the affected systems.
- collector/nvd-historical
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft office converter pack
- version/microsoft office converter pack/2003
- canonical/microsoft office word
- version/microsoft office word/2000-sp3
- version/microsoft office word/2002-sp3
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows server
- version/microsoft windows server/sp1
- version/microsoft windows server/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3