[email protected]CVE-2009-0095

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0095

2009-02-1022:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-0095

microsoft office

visio

memory validation

vulnerability

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.356 Low

EPSS

Percentile

97.1%

JSON

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka “Memory Validation Vulnerability.”

CPENameOperatorVersion
microsoft:visiomicrosoft visioeq2002
microsoft:visiomicrosoft visioeq2003
microsoft:visiomicrosoft visioeq2007

CPE	Name	Operator	Version
microsoft:visio	microsoft visio	eq	2002
microsoft:visio	microsoft visio	eq	2003
microsoft:visio	microsoft visio	eq	2007

References

www.us-cert.gov/cas/techalerts/TA09-041A.html

www.vupen.com/english/advisories/2009/0391

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.356 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2009-0095

prion1 securityvulns2 openvas2 nessus1 checkpoint_advisories2 seebug1