CVE-2009-1533

2009-06-1018:00:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.864

Percentile

98.6%

JSON

Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka “File Converter Buffer Overflow Vulnerability.”

Affected configurations

Nvd

Node

microsoftofficeMatch2000sp3

microsoftofficeMatch2003sp3

microsoftoffice_xpMatchsp3

microsoftworksMatch8.5

microsoftworksMatch9.0

VendorProductVersionCPE
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
microsoftoffice_xpsp3cpe:2.3:a:microsoft:office_xp:sp3:*:*:*:*:*:*:*
microsoftworks8.5cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*
microsoftworks9.0cpe:2.3:a:microsoft:works:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2000	cpe:2.3:a:microsoft:office:2000:sp3::::::
microsoft	office	2003	cpe:2.3:a:microsoft:office:2003:sp3::::::
microsoft	office_xp	sp3	cpe:2.3:a:microsoft:office_xp:sp3:::::::*
microsoft	works	8.5	cpe:2.3:a:microsoft:works:8.5:::::::*
microsoft	works	9.0	cpe:2.3:a:microsoft:works:9.0:::::::*