CVE-2009-3135: Buffer Overflow
First published: Wed Nov 11 2009(Updated: )
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2004 | |
| Microsoft Office | =2008 | |
| Microsoft Office Word | =2002-sp3 | |
| Microsoft Office Word | =2003-sp3 | |
| Microsoft Word Viewer | ||
| Microsoft Word Viewer | =2003-sp3 | |
| Microsoft Open XML File Format Converter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA09-314A.html
- http://www.vupen.com/english/advisories/2009/3194
- http://secunia.com/advisories/37277
- http://www.securitytracker.com/id?1023158
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831
- http://osvdb.org/59857
- http://www.securityfocus.com/bid/36950
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6555
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-068
Frequently Asked Questions
What is the severity of CVE-2009-3135?
CVE-2009-3135 has a high severity rating due to its potential to allow remote code execution.
How do I fix CVE-2009-3135?
To fix CVE-2009-3135, users should update Microsoft Office and Office Word Viewer to the latest available patches.
What software is affected by CVE-2009-3135?
CVE-2009-3135 affects Microsoft Office Word 2002 SP3, 2003 SP3, Office 2004 and 2008 for Mac, and Office Word Viewer 2003 SP3.
Can CVE-2009-3135 be exploited remotely?
Yes, CVE-2009-3135 can be exploited remotely by attackers through specially crafted Word documents.
What types of attacks are associated with CVE-2009-3135?
CVE-2009-3135 is associated with attacks that involve buffer overflows leading to arbitrary code execution.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2004
- version/microsoft office/2008
- canonical/microsoft office word
- version/microsoft office word/2002-sp3
- version/microsoft office word/2003-sp3
- canonical/microsoft word viewer
- version/microsoft word viewer/2003-sp3
- canonical/microsoft open xml file format converter