Vulnerability Description
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2004 |
| Microsoft | Office Word | 2002 |
| Microsoft | Office Word Viewer | All versions |
| Microsoft | Open Xml File Format Converter | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831
- http://osvdb.org/59857
- http://secunia.com/advisories/37277Vendor Advisory
- http://www.securityfocus.com/bid/36950
- http://www.securitytracker.com/id?1023158
- http://www.us-cert.gov/cas/techalerts/TA09-314A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/3194Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-06
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=831
- http://osvdb.org/59857
- http://secunia.com/advisories/37277Vendor Advisory
- http://www.securityfocus.com/bid/36950
- http://www.securitytracker.com/id?1023158
- http://www.us-cert.gov/cas/techalerts/TA09-314A.htmlUS Government Resource
FAQ
What is CVE-2009-3135?
CVE-2009-3135 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer al...
How severe is CVE-2009-3135?
CVE-2009-3135 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3135?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Open Xml File Format Converter.