Vulnerability Details : CVE-2009-3135
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
Vulnerability category: OverflowMemory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2009-3135
Probability of exploitation activity in the next 30 days: 95.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-3135
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
[email protected] |
CWE ids for CVE-2009-3135
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: [email protected] (Primary)
References for CVE-2009-3135
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-068
-
http://www.us-cert.gov/cas/techalerts/TA09-314A.html
US Government Resource
-
http://www.securitytracker.com/id?1023158
-
http://www.vupen.com/english/advisories/2009/3194
Vendor Advisory
-
http://www.securityfocus.com/bid/36950
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6555
Products affected by CVE-2009-3135
- cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2008:*:mac:*:*:*:*:*
- cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_word:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_word_viewer:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*