CVE-2009-0102

Name of the Vulnerable Software and Affected Versions Microsoft Project versions 2000 SR1 through 2002 SP1 Microsoft Office Project version 2003 SP3

Description A remote code execution issue exists due to improper handling of memory allocation for Project files, allowing attackers to execute arbitrary code via a malformed file. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Project versions 2000 SR1 through 2002 SP1, update to a version that properly handles memory allocation for Project files to prevent exploitation. For Microsoft Office Project version 2003 SP3, update to a version that properly handles memory allocation for Project files to prevent exploitation. As a temporary workaround, consider avoiding the use of specially crafted Project files until a patch is available.