CVE-2009-0102

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Project; Project Server; Project Portfolio Server
Vendor: CVE Published:; 9 December 2009

Summary

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 9, 2009
Vulnerability Reserved
Jan 8, 2009

Collectors

NVD DatabaseMitre Database