9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.781 High
EPSS
Percentile
98.3%
Added: 10/22/2009
CVE: CVE-2009-2528
BID: 36650
OSVDB: 58869
Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. MS Office XP (2002) and MS Office 2000 use the Microsoft Windows GDI+ Application Programming Interface (API) to produce graphics and formatted text on both the video display and the printer instead of accessing graphics hardware directly.
A memory corruption vulnerability in the way MS Office handles malformed objects in Office Art Property Tables allows remote attackers to execute arbitrary code when a user opens a specially crafted Office document.
Apply the patches referenced in Microsoft Security Bulletin 09-062.
<http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx>
Exploit works on MS Office Word 2002 SP3.
User must open the exploit file in MS Office Word.
The CPAN modules IO::Uncompress and Compress::Zlib are required by this exploit in order to compress the data transfered from the exploit web server.
Windows