CVE-2009-0235

2009-04-1508:00:00

CWE-119

[email protected]

web.nvd.nist.gov

stack overflow

wordpad

word 97

remote code execution

memory corruption

cve-2009-0235

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.883 High

EPSS

Percentile

98.7%

JSON

Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka “WordPad Word 97 Text Converter Stack Overflow Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2000sp4

microsoftwindows_2003_serversp1

microsoftwindows_2003_serversp2

microsoftwindows_xpsp2

microsoftwindows_xpsp3

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*