Stack Corruption Vulnerability in Microsoft Office Word 2000 with WordPerfect 6.x Converter
CVE-2009-0088

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Converter Pack; Office Word; Windows 2000; Windows Server 2003
Vendor: CVE Published:; 15 April 2009

Summary

The WordPerfect 6.x Converter (WPFT632.CNV, version 1998.1.27.0) included in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack lacks appropriate validation for string lengths. This weakness allows remote attackers to execute arbitrary code by crafting a malicious WordPerfect 6.x file. The issue is linked to an unspecified counter and control structures on the stack, which could lead to potential security breaches if exploited.

References

http://www.securitytracker.com/id?1022043

vdb-entryx_refsource_SECTRACK

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Jan 8, 2009