MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
Critical - Remote Code Execution This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
CVE-2009-0563
Known exploited
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
83.28%
Published
2009-06-10
Updated
2018-10-12
CISA KEV Added
2022-06-08
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
89.21%
Published
2009-06-10
Updated
2018-10-12