CVE-2009-0088

Microsoft Office Converter Pack - Remote Code Execution via WordPerfect 6.x File Parsing

Title source: llm
STIX 2.1

Description

The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022043
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/53663
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1024

Scores

EPSS 0.2845
EPSS Percentile 97.9%

Details

CWE
CWE-20
Status published
Products (6)
microsoft/office_converter_pack 2003
microsoft/office_word 2000 sp3
microsoft/office_word 2002 sp3
microsoft/windows_2000
microsoft/windows_server_2003 (4 CPE variants)
microsoft/windows_xp (4 CPE variants)
Published Apr 15, 2009
Tracked Since Feb 18, 2026