HIGH · 9.3

CVE-2009-2506

Vulnerability Description

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.

CVSS Score

9.3 HIGH

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Microsoft | Windows 2000 | All versions
Microsoft | Windows Server 2003 | All versions
Microsoft | Windows XP | All versions
Microsoft | Office Converter Pack | All versions
Microsoft | Office Word | 2002
Microsoft | WordPad | All versions
Microsoft | Works | 8.5

Related Weaknesses (CWE)

References

FAQ

What is CVE-2009-2506?

CVE-2009-2506 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows re...

How severe is CVE-2009-2506?

CVE-2009-2506 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2009-2506?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows XP, Microsoft Office Converter Pack, Microsoft Office Word.