[email protected]CVE-2009-0097

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0097

2009-02-1022:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-0097

memory corruption

microsoft office

visio

remote code execution

security vulnerability

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.116 Low

EPSS

Percentile

95.3%

JSON

Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka “Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:visiomicrosoft visioeq2002
microsoft:visiomicrosoft visioeq2003
microsoft:visiomicrosoft visioeq2007

CPE	Name	Operator	Version
microsoft:visio	microsoft visio	eq	2002
microsoft:visio	microsoft visio	eq	2003
microsoft:visio	microsoft visio	eq	2007

References

www.us-cert.gov/cas/techalerts/TA09-041A.html

www.vupen.com/english/advisories/2009/0391

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6188

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.116 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2009-0097

prion1 checkpoint_advisories2 securityvulns2 openvas2 seebug1 nessus1