CVE-2009-0088
Last modified
CVE-2009-0088 is a vulnerability of currently unknown severity. The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.". EPSS estimates a 28.45% chance of exploitation in the next 30 days.
Description
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Office Converter Pack | 2003 | — |
| Microsoft | Office Word | 2000 | Sp3 |
| Microsoft | Office Word | 2002 | Sp3 |
| Microsoft | Windows 2000 | All versions | Sp4 |
| Microsoft | Windows Server 2003 | All versions | — |
| Microsoft | Windows Xp | All versions | — |
References
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0088?
How severe is CVE-2009-0088?
How do I fix CVE-2009-0088?
Are you affected by CVE-2009-0088?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST