CVE-2009-0565
Microsoft Word - Record Parsing Buffer Overflow (MS09-027)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
Desbordamiento de búfer en Microsoft Office Word 2000 SP3, 2002 SP3, y 2007 SP1 y SP2; Microsoft Office para Mac 2004 y 2008; Conversor de formato de archivo Open XML para Mac; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, permite a los atacantes remotos ejecutar arbitrariamente código a través de un documento Word con un registro malformado que lanza una corrupción de memoria, también conocido como "Vulnerabilidad de desbordamiento de búfer Word"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-02-12 CVE Reserved
- 2009-06-10 CVE Published
- 2010-08-20 First Exploit
- 2023-09-13 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/54960 | Vdb Entry | |
| http://securityreason.com/securityalert/8206 | Third Party Advisory | |
| http://www.securityfocus.com/bid/35190 | Vdb Entry | |
| http://www.securitytracker.com/id?1022356 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-160A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2009/1546 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14693 | 2010-08-20 | |
| https://www.exploit-db.com/exploits/17177 | 2011-04-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2004 Search vendor "Microsoft" for product "Office" and version "2004" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2008 Search vendor "Microsoft" for product "Office" and version "2008" | mac |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack For Word Excel Ppt 2007 Search vendor "Microsoft" for product "Office Compatibility Pack For Word Excel Ppt 2007" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack For Word Excel Ppt 2007 Search vendor "Microsoft" for product "Office Compatibility Pack For Word Excel Ppt 2007" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Search vendor "Microsoft" for product "Office Word" | 2000 Search vendor "Microsoft" for product "Office Word" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Search vendor "Microsoft" for product "Office Word" | 2002 Search vendor "Microsoft" for product "Office Word" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Search vendor "Microsoft" for product "Office Word" | 2003 Search vendor "Microsoft" for product "Office Word" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Search vendor "Microsoft" for product "Office Word" | 2007 Search vendor "Microsoft" for product "Office Word" and version "2007" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Search vendor "Microsoft" for product "Office Word" | 2007 Search vendor "Microsoft" for product "Office Word" and version "2007" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Viewer Search vendor "Microsoft" for product "Office Word Viewer" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Viewer Search vendor "Microsoft" for product "Office Word Viewer" | 2003 Search vendor "Microsoft" for product "Office Word Viewer" and version "2003" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Open Xml File Format Converter Search vendor "Microsoft" for product "Open Xml File Format Converter" | * | mac |
Affected
| ||||||