PT-2009-4012 · File · File
Sam Morris · Published 2009-05-04 · Updated 2009-11-13
CVE-2009-1515
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
file version 5.00
Description:
A heap-based buffer overflow in the cdf_read_sat function in src/cdf.c allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file. Examples of such files include .msi, .doc, and .mpp files.
Recommendations:
For file version 5.00, update to a newer version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of the cdf_read_sat function until a patch is available. Restrict access to compound document files to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Affected Products
File