CVE-2009-0563
HIGH KEVMicrosoft Office <2007 - RCE
Title source: llmDescription
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
References (10)
Scores
CVSS v3
7.8
EPSS
0.7992
EPSS Percentile
99.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2022-06-08
VulnCheck KEV
2013-03-14
InTheWild.io
2012-04-14
ENISA EUVD
EUVD-2009-0567
Classification
CWE
CWE-787
Status
draft
Affected Products (12)
microsoft/office
microsoft/office
microsoft/office
microsoft/office
microsoft/office
microsoft/office
microsoft/office
microsoft/office_compatibility_pack
microsoft/office_compatibility_pack
microsoft/office_word_viewer
microsoft/office_word_viewer
microsoft/open_xml_file_format_converter
Timeline
Published
Jun 10, 2009
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026