// For flags

CVE-2009-0563

Microsoft Office Buffer Overflow Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

Un desbordamiento de búfer en la región stack de la memoria en Office Word 2002 SP3, 2003 SP3 y 2007 SP1 y SP2 de Microsoft; Office para Mac 2004 y 2008 de Microsoft; Open XML File Format Converter para Mac; Office Word Viewer 2003 SP3 de Microsoft; Office Word Viewer de Microsoft; y Office Compatibility Pack para formatos de archivo de Word, Excel y PowerPoint 2007 SP1 y SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un documento de Word con una etiqueta diseñada que contiene un campo de longitud no válido, también se conoce como "Word Buffer Overflow Vulnerability".

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file.
The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code.

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

*Credits: ling & wushi of team509
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-02-12 CVE Reserved
  • 2009-06-10 CVE Published
  • 2022-06-08 Exploited in Wild
  • 2022-06-22 KEV Due Date
  • 2024-06-29 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
2000
Search vendor "Microsoft" for product "Office" and version "2000"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
2003
Search vendor "Microsoft" for product "Office" and version "2003"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
2004
Search vendor "Microsoft" for product "Office" and version "2004"
macos
Affected
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
2007
Search vendor "Microsoft" for product "Office" and version "2007"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
2007
Search vendor "Microsoft" for product "Office" and version "2007"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
2008
Search vendor "Microsoft" for product "Office" and version "2008"
macos
Affected
Microsoft
Search vendor "Microsoft"
Office
Search vendor "Microsoft" for product "Office"
xp
Search vendor "Microsoft" for product "Office" and version "xp"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Office Compatibility Pack
Search vendor "Microsoft" for product "Office Compatibility Pack"
2007
Search vendor "Microsoft" for product "Office Compatibility Pack" and version "2007"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Office Compatibility Pack
Search vendor "Microsoft" for product "Office Compatibility Pack"
2007
Search vendor "Microsoft" for product "Office Compatibility Pack" and version "2007"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Office Word Viewer
Search vendor "Microsoft" for product "Office Word Viewer"
--
Affected
Microsoft
Search vendor "Microsoft"
Office Word Viewer
Search vendor "Microsoft" for product "Office Word Viewer"
2003
Search vendor "Microsoft" for product "Office Word Viewer" and version "2003"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Open Xml File Format Converter
Search vendor "Microsoft" for product "Open Xml File Format Converter"
-macos
Affected