CVE-2009-3135
Summary
| CVE | CVE-2009-3135 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-11-11 19:30:00 UTC |
| Updated | 2018-10-12 21:52:00 UTC |
| Description | Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability." |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Office | 2004 | All | mac | All |
| Application | Microsoft | Office | 2008 | All | mac | All |
| Application | Microsoft | Office | 2004 | All | mac | All |
| Application | Microsoft | Office | 2008 | All | mac | All |
| Application | Microsoft | Office Word | 2002 | sp3 | All | All |
| Application | Microsoft | Office Word | 2003 | sp3 | All | All |
| Application | Microsoft | Office Word | 2002 | sp3 | All | All |
| Application | Microsoft | Office Word | 2003 | sp3 | All | All |
| Application | Microsoft | Office Word Viewer | All | All | All | All |
| Application | Microsoft | Office Word Viewer | 2003 | sp3 | All | All |
| Application | Microsoft | Office Word Viewer | All | All | All | All |
| Application | Microsoft | Office Word Viewer | 2003 | sp3 | All | All |
| Application | Microsoft | Open Xml File Format Converter | All | All | mac | All |
| Application | Microsoft | Open Xml File Format Converter | All | All | mac | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 59857 | OSVDB | osvdb.org | |
| US-CERT Technical Cyber Security Alert TA09-314A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| 20091110 Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability | IDEFENSE | labs.idefense.com | |
| Microsoft Security Bulletin MS09-068 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| Microsoft Word Memory Corruption Error Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Vendor Advisory |
| Microsoft Word Record Parsing Remote Stack Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.