PT-2009-2788 · Microsoft+1 · Office Converter Pack+3

Publicado

2009-04-15

Atualizado

2019-02-26

CVE-2009-0088

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Office Word 2000 SP3 Microsoft Office Converter Pack

Description A remote code execution issue exists due to improper validation of a string length in the WordPerfect 6.x Converter, allowing attackers to execute arbitrary code via a crafted WordPerfect 6.x file. This issue is related to an unspecified counter and control structures on the stack.

Recommendations For Microsoft Office Word 2000 SP3, update the WordPerfect 6.x Converter to a version that properly validates string lengths. For Microsoft Office Converter Pack, ensure the WordPerfect 6.x converter is updated to prevent remote code execution.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2009-0088

Produtos afetados

Office Converter Pack

Office Word 2000 Sp3

Office Word

Wordperfect 6.X Converter

PT-2009-2788 · Microsoft+1 · Office Converter Pack+3

CVE-2009-0088

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10