CVE-2009-0088
Microsoft Office Converter Pack - Remote Code Execution via WordPerfect 6.x File Parsing
Title source: llmDescription
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022043
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/53663
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1024
Scores
EPSS
0.2845
EPSS Percentile
97.9%
Details
CWE
CWE-20
Status
published
Products (6)
microsoft/office_converter_pack
2003
microsoft/office_word
2000 sp3
microsoft/office_word
2002 sp3
microsoft/windows_2000
microsoft/windows_server_2003
(4 CPE variants)
microsoft/windows_xp
(4 CPE variants)
Published
Apr 15, 2009
Tracked Since
Feb 18, 2026