PT-2009-2788 · Microsoft+1 · Office Converter Pack+3

Published

2009-04-15

Updated

2019-02-26

CVE-2009-0088

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Office Word 2000 SP3 Microsoft Office Converter Pack

Description A remote code execution issue exists due to improper validation of a string length in the WordPerfect 6.x Converter, allowing attackers to execute arbitrary code via a crafted WordPerfect 6.x file. This issue is related to an unspecified counter and control structures on the stack.

Recommendations For Microsoft Office Word 2000 SP3, update the WordPerfect 6.x Converter to a version that properly validates string lengths. For Microsoft Office Converter Pack, ensure the WordPerfect 6.x converter is updated to prevent remote code execution.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-0088

Affected Products

Office Converter Pack

Office Word 2000 Sp3

Office Word

Wordperfect 6.X Converter

PT-2009-2788 · Microsoft+1 · Office Converter Pack+3

CVE-2009-0088

Weakness Enumeration

Related Identifiers

Affected Products

References · 10