SAINT CorporationSAINT:C25E910DA0DD896923122EA4927DC91DMS Office Word malformed Sprm record buffer overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.892 High
EPSS
Percentile
98.7%
Added: 08/05/2009
CVE: CVE-2009-0565
BID: 35190
OSVDB: 54960
Background
Microsoft Office Word is Microsoft’s word processing software, released as a component of Microsoft Office suite.
Problem
A buffer overflow in Microsoft Office Word allows remote command execution when a specially crafted Word file with a malformed Sprm record is processed.
Resolution
Install the patch referenced in Microsoft Security Bulletin 09-027.
References
<http://www.microsoft.com/technet/security/Bulletin/MS09-027.mspx>
Limitations
Exploit works on Windows XP SP3 with DEP enabled, and requires a user to open the exploit file in Microsoft Office Word 2002 SP3 with patch KB956329.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.892 High
EPSS
Percentile
98.7%