Vulnerability Name:

CVE-2009-0235 (CCN-49575)

Assigned:2009-04-14
Published:2009-04-14
Updated:2018-10-12
Summary:Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-0235

Source: IDEFENSE
Type: UNKNOWN
20090414 Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability

Source: OSVDB
Type: UNKNOWN
53664

Source: CCN
Type: SECTRACK ID: 1022043
Microsoft WordPad and Office Text Converter Bugs Let Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2009-131
MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)

Source: CCN
Type: Microsoft Security Bulletin MS09-010
Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477)

Source: CCN
Type: Microsoft Security Bulletin MS09-073
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Source: CCN
Type: OSVDB ID: 53664
Microsoft WordPad Word 97 Text Converter File Handling Overflow

Source: BID
Type: UNKNOWN
34470

Source: CCN
Type: BID-34470
Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022043

Source: CERT
Type: US Government Resource
TA09-104A

Source: VUPEN
Type: UNKNOWN
ADV-2009-1024

Source: MS
Type: UNKNOWN
MS09-010

Source: XF
Type: UNKNOWN
ms-wordpad-word97-bo(49575)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 04.14.09
Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5893

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5893
    V
    		WordPad Word 97 Text Converter Stack Overflow Vulnerability
    2014-06-30
    BACK
    microsoft windows 2000 * sp4
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows xp sp3