Vulnerability Details : CVE-2009-0087

Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."

Vulnerability category: Memory CorruptionExecute code

Published 2009-04-15 08:00:00

Updated 2018-10-30 16:25:57

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-0087

Probability of exploitation activity in the next 30 days: 91.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0087

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2009-0087

Products affected by CVE-2009-0087

Microsoft » Windows 2000 » Version: N/A Update SP4
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » For X64
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 For X64
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 For X64
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 For Itanium
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows 2003 Server » Update SP1 For Itanium
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows 2003 Server » For X64
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 2003 Server » Update SP1
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Word » Version: 2002 Update SP3
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Word » Version: 2000 Update SP3
cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
Matching versions