9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.883 High
EPSS
Percentile
98.7%
Added: 04/23/2009
CVE: CVE-2009-0235
BID: 34470
OSVDB: 53664
The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files.
A buffer overflow vulnerability in the Word 97 text converter allows command execution when a user opens a specially crafted file containing an invalid character position value.
Apply the patch referenced in Microsoft Security Bulletin 09-010.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=783>
Exploit works on Windows 2000 SP4 and requires a user to open the exploit file in WordPad.
Windows 2000