Vulnerability Details : CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Vulnerability category: Memory CorruptionExecute code

Published 2009-10-14 10:30:02

Updated 2018-10-12 21:52:04

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-2528

Probability of exploitation activity in the next 30 days: 92.69%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-2528

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-2528

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: [email protected] (Primary)

References for CVE-2009-2528

Products affected by CVE-2009-2528

Microsoft » Sql Server » Version: 2005 Update SP2
cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP2 X64 Edition
cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP2 Itanium Edition
cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP3 X64 Edition
cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP3 Itanium Edition
cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2005 Update SP3
cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: XP
cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP3
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2007 Update SP2
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2002 Update SP1
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio » Version: 2008 Update SP1
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio » Version: 2008
cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Professional X64 Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Works » Version: 8.5
cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 1.1 Update SP1
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » .net Framework » Version: 2.0 Update SP2
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » .net Framework » Version: 2.0 Update SP1
cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Visual Foxpro » Version: 9.0 Update SP2
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Visual Foxpro » Version: 8.0 Update SP1
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Windows 2003 Server » Update SP2 X64 Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Update SP2 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2002 Update SP2
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2005 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2003 Update SP1
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer » Version: 2003
cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Excel Viewer » Version: 2003 Update SP3
cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer » Version: 2003
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Word Viewer » Version: 2003 Update SP3
cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1 X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6 Update SP1
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Windows Server 2008 » X32 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Itanium Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Expression Web
cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Expression Web » Version: 2
cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Powerpoint Viewer
cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Powerpoint Viewer » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Powerpoint Viewer » Version: 2007 Update SP2
cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server Reporting Services » Version: 2000 Update SP2
cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Report Viewer » Version: 2005 Update SP1 Redistributable Package Edition
cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*
Matching versions
Microsoft » Report Viewer » Version: 2008 Update SP1 Redistributable Package Edition
cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*
Matching versions
Microsoft » Report Viewer » Version: 2008 Redistributable Package Edition
cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*
Matching versions
Microsoft » Forefront Client Security » Version: 1.0
cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Office Excel Viewer
cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Compatibility Pack » Version: 2007 Update SP2
cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office Word Viewer
cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Office Groove » Version: 2007 Update SP1
cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Groove » Version: 2007
cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*
Matching versions
Microsoft » Platform Sdk » Redistrutable Gdi+ Edition
cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\+:*:*:*:*:*
Matching versions