CVE-2009-0088 : The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converte

The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

Published 2009-04-15 08:00:00

Updated 2019-02-26 14:04:01

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Exploit prediction scoring system (EPSS) score for CVE-2009-0088

Probability of exploitation activity in the next 30 days: 34.81%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0088

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-0088

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-0088

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736
http://www.securitytracker.com/id?1022043

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA09-104A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1024

CVEs referencing this url

Products affected by CVE-2009-0088

Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Office Converter Pack » Version: 2003
cpe:2.3:a:microsoft:office_converter_pack:2003:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Pro X64 Edition
cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Pro X64 Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP3
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP1 Itanium Edition
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2003 » Update SP1
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office Word » Version: 2002 Update SP3
cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office Word » Version: 2000 Update SP3
cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-0088

Exploit prediction scoring system (EPSS) score for CVE-2009-0088

CVSS scores for CVE-2009-0088

CWE ids for CVE-2009-0088

References for CVE-2009-0088

Products affected by CVE-2009-0088