Multiple vulnerabilities in Microsoft Windows
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2009-0235 CVE-2009-0088 CVE-2009-0087 |
| CWE-ID | CWE-119 CWE-121 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #3 is being exploited in the wild. |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system Microsoft Word Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU1278
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-0235
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability alows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when parsing a malformed Word 97 document in Microsoft WordPad. A remote attacker can create a specially crafted Word file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=552d322a-5282-42c7-9c1e-1d8c494a7318
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=50a8519a-503e-43dd-a78a-c1bc764fd213
Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=50a8519a-503e-43dd-a78a-c1bc764fd213
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2233a4d2-7c8a-4c89-b020-100d9afb43c8
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=e840b9cb-f1f4-482a-aa07-eb6b42b477c4
Windows: XP - 2000
Windows Server: 2003
CPE2.3- cpe:2.3:o:microsoft:windows:XP:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/ms09-010.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU1277
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-0088
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability alows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack overflow when parsing a malformed WordPerfect document. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
Microsoft Office Word 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415
Microsoft Word: 2000
Microsoft Office: 2000
CPE2.3- cpe:2.3:a:microsoft:microsoft_word:*:*:*:*:*:microsoft_office:*:*
- cpe:2.3:a:microsoft:microsoft_office:*:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/ms09-010.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU1276
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2009-0087
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability alows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when process documents in Microsoft WordPad and Microsoft Office converter. A remote attacker can create a specially crafted Word file containing a malformed data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website:
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=552d322a-5282-42c7-9c1e-1d8c494a7318
Windows XP Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=50a8519a-503e-43dd-a78a-c1bc764fd213
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2233a4d2-7c8a-4c89-b020-100d9afb43c8
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=323f4211-5add-4e02-bce1-e5a1b489982c
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=e840b9cb-f1f4-482a-aa07-eb6b42b477c4
Microsoft Office Word 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415
Microsoft Office Word 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e1db55c6-78fb-498d-89a5-9ad54d971546
Windows: XP - 2000
Microsoft Word: 2000 - 2002
Microsoft Office: 2000 - 2003
Windows Server: 2003
CPE2.3https://technet.microsoft.com/en-us/library/security/ms09-010.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
