Back to search
CVE-2009-2506
Published: Dec 9, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:5846
vdb-entry
signature
x_refsource_OVAL
37216
vdb-entry
x_refsource_BID
TA09-342A
third-party-advisory
x_refsource_CERT
20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability
third-party-advisory
x_refsource_IDEFENSE
MS09-073
vendor-advisory
x_refsource_MS
http://support.avaya.com/css/P8/documents/100070184
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now