PT-2009-4931 · Microsoft · Office Xp Sp3+1
Published
2009-10-14
·
Updated
2023-12-07
·
CVE-2009-2528
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Office XP SP3
Description
The issue arises from the improper handling of malformed objects in Office Art Property Tables by GDI+ in Microsoft Office, allowing remote attackers to execute arbitrary code via a crafted Office document. This triggers memory corruption.
Recommendations
For Microsoft Office XP SP3, update to a version that properly handles malformed objects in Office Art Property Tables to prevent memory corruption and arbitrary code execution.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gdi+
Office Xp Sp3