{"api_version":"1","generated_at":"2026-04-23T11:32:41+00:00","cve":"CVE-2009-0088","urls":{"html":"https://cve.report/CVE-2009-0088","api":"https://cve.report/api/cve/CVE-2009-0088.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0088","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0088"},"summary":{"title":"CVE-2009-0088","description":"The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2009-04-15 08:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS09-010 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/53663","name":"http://osvdb.org/53663","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1022043","name":"http://www.securitytracker.com/id?1022043","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft WordPad and Office Text Converter Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","name":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA09-104A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1024","name":"http://www.vupen.com/english/advisories/2009/1024","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0088","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0088","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_converter_pack","cpe6":"2003","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_word","cpe6":"2000","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_word","cpe6":"2002","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"*","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"*","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"*","cpe7":"sp1","cpe8":"itanium","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2003","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"*","cpe8":"pro_x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp2","cpe8":"pro_x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"88","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:24:17.084Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1022043","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022043"},{"name":"20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782"},{"name":"oval:org.mitre.oval:def:5736","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736"},{"name":"TA09-104A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html"},{"name":"53663","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/53663"},{"name":"MS09-010","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"},{"name":"ADV-2009-1024","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1024"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-04-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"1022043","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022043"},{"name":"20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782"},{"name":"oval:org.mitre.oval:def:5736","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736"},{"name":"TA09-104A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html"},{"name":"53663","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/53663"},{"name":"MS09-010","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"},{"name":"ADV-2009-1024","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1024"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2009-0088","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1022043","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022043"},{"name":"20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782"},{"name":"oval:org.mitre.oval:def:5736","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736"},{"name":"TA09-104A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA09-104A.html"},{"name":"53663","refsource":"OSVDB","url":"http://osvdb.org/53663"},{"name":"MS09-010","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"},{"name":"ADV-2009-1024","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1024"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2009-0088","datePublished":"2009-04-15T03:49:00.000Z","dateReserved":"2009-01-08T00:00:00.000Z","dateUpdated":"2024-08-07T04:24:17.084Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-04-15 08:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_converter_pack:2003:*:*:*:*:*:*:*","matchCriteriaId":"C6150F14-FF1A-4A2B-8114-B539520E585F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_word:2000:sp3:*:*:*:*:*:*","matchCriteriaId":"C1B2B207-751F-4596-B805-B4622E312B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_word:2002:sp3:*:*:*:*:*:*","matchCriteriaId":"0E99B12F-0DB7-4D0F-AD54-DD906CC8E3BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*","matchCriteriaId":"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*","matchCriteriaId":"DA778424-6F70-4AB6-ADD5-5D4664DFE463"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*","matchCriteriaId":"BCE2197B-7C58-4693-B9BB-0B31EABB6B66"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*","matchCriteriaId":"4D3B5E4F-56A6-4696-BBB4-19DF3613D020"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*","matchCriteriaId":"29EDE745-5A26-42BF-AFDE-7D985BB09D44"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*","matchCriteriaId":"9B339C33-8896-4896-88FF-88E74FDBC543"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*","matchCriteriaId":"2D48D876-6A88-4B52-9322-9F019BFA19B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*","matchCriteriaId":"CE477A73-4EE4-41E9-8694-5A3D5DC88656"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"88","Ordinal":"1","Title":"CVE-2009-0088","CVE":"CVE-2009-0088","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"88","Ordinal":"1","NoteData":"The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\"","Type":"Description","Title":"CVE-2009-0088"},{"CveYear":"2009","CveId":"88","Ordinal":"2","NoteData":"2009-04-14","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"88","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}