Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for wordpad by microsoft

    CVE-2009-2506 (GCVE-0-2009-2506)

    Vulnerability from nvd – Published: 2009-12-09 18:00 – Updated: 2024-08-07 05:52
    VLAI
    Summary
    Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/37216 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA09-342A.html third-party-advisoryx_refsource_CERT
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://support.avaya.com/css/P8/documents/100070184 x_refsource_CONFIRM
    Date Public
    2009-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:52:14.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5846",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
              },
              {
                "name": "37216",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37216"
              },
              {
                "name": "TA09-342A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
              },
              {
                "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
              },
              {
                "name": "MS09-073",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100070184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5846",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
            },
            {
              "name": "37216",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37216"
            },
            {
              "name": "TA09-342A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
            },
            {
              "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
            },
            {
              "name": "MS09-073",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100070184"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2009-2506",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5846",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
                },
                {
                  "name": "37216",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37216"
                },
                {
                  "name": "TA09-342A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
                },
                {
                  "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
                },
                {
                  "name": "MS09-073",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
                },
                {
                  "name": "http://support.avaya.com/css/P8/documents/100070184",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/css/P8/documents/100070184"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2009-2506",
        "datePublished": "2009-12-09T18:00:00.000Z",
        "dateReserved": "2009-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:52:14.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4841 (GCVE-0-2008-4841)

    Vulnerability from nvd – Published: 2008-12-10 13:33 – Updated: 2024-08-07 10:31
    VLAI KEVIntel
    Summary
    The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/6560 exploitx_refsource_EXPLOIT-DB
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/32718 vdb-entryx_refsource_BID
    http://secunia.com/advisories/32997 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/3390 vdb-entryx_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA09-104A.html third-party-advisoryx_refsource_CERT
    http://www.securityfocus.com/bid/31399 vdb-entryx_refsource_BID
    http://www.microsoft.com/technet/security/advisor… x_refsource_CONFIRM
    http://milw0rm.com/sploits/2008-crash.doc.rar x_refsource_MISC
    http://securitytracker.com/id?1021376 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/4711 third-party-advisoryx_refsource_SREASON
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.vupen.com/english/advisories/2009/1024 vdb-entryx_refsource_VUPEN
    Date Public
    2008-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:31:28.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "6560",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6560"
              },
              {
                "name": "oval:org.mitre.oval:def:6050",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050"
              },
              {
                "name": "32718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32718"
              },
              {
                "name": "32997",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32997"
              },
              {
                "name": "ADV-2008-3390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3390"
              },
              {
                "name": "TA09-104A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
              },
              {
                "name": "31399",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31399"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/960906.mspx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://milw0rm.com/sploits/2008-crash.doc.rar"
              },
              {
                "name": "1021376",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021376"
              },
              {
                "name": "4711",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4711"
              },
              {
                "name": "MS09-010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"
              },
              {
                "name": "ADV-2009-1024",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008.  NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "6560",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6560"
            },
            {
              "name": "oval:org.mitre.oval:def:6050",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050"
            },
            {
              "name": "32718",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32718"
            },
            {
              "name": "32997",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32997"
            },
            {
              "name": "ADV-2008-3390",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3390"
            },
            {
              "name": "TA09-104A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "31399",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31399"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/960906.mspx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://milw0rm.com/sploits/2008-crash.doc.rar"
            },
            {
              "name": "1021376",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021376"
            },
            {
              "name": "4711",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4711"
            },
            {
              "name": "MS09-010",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"
            },
            {
              "name": "ADV-2009-1024",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-4841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008.  NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "6560",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6560"
                },
                {
                  "name": "oval:org.mitre.oval:def:6050",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050"
                },
                {
                  "name": "32718",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32718"
                },
                {
                  "name": "32997",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32997"
                },
                {
                  "name": "ADV-2008-3390",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3390"
                },
                {
                  "name": "TA09-104A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
                },
                {
                  "name": "31399",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31399"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/960906.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/960906.mspx"
                },
                {
                  "name": "http://milw0rm.com/sploits/2008-crash.doc.rar",
                  "refsource": "MISC",
                  "url": "http://milw0rm.com/sploits/2008-crash.doc.rar"
                },
                {
                  "name": "1021376",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021376"
                },
                {
                  "name": "4711",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4711"
                },
                {
                  "name": "MS09-010",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"
                },
                {
                  "name": "ADV-2009-1024",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-4841",
        "datePublished": "2008-12-10T13:33:00.000Z",
        "dateReserved": "2008-10-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:31:28.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2506 (GCVE-0-2009-2506)

    Vulnerability from cvelistv5 – Published: 2009-12-09 18:00 – Updated: 2024-08-07 05:52
    VLAI
    Summary
    Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/37216 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA09-342A.html third-party-advisoryx_refsource_CERT
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://support.avaya.com/css/P8/documents/100070184 x_refsource_CONFIRM
    Date Public
    2009-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:52:14.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5846",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
              },
              {
                "name": "37216",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37216"
              },
              {
                "name": "TA09-342A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
              },
              {
                "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
              },
              {
                "name": "MS09-073",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100070184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5846",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
            },
            {
              "name": "37216",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37216"
            },
            {
              "name": "TA09-342A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
            },
            {
              "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
            },
            {
              "name": "MS09-073",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100070184"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2009-2506",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5846",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5846"
                },
                {
                  "name": "37216",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37216"
                },
                {
                  "name": "TA09-342A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
                },
                {
                  "name": "20091208 Microsoft WordPad Word97 Converter Integer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=834"
                },
                {
                  "name": "MS09-073",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-073"
                },
                {
                  "name": "http://support.avaya.com/css/P8/documents/100070184",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/css/P8/documents/100070184"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2009-2506",
        "datePublished": "2009-12-09T18:00:00.000Z",
        "dateReserved": "2009-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:52:14.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4841 (GCVE-0-2008-4841)

    Vulnerability from cvelistv5 – Published: 2008-12-10 13:33 – Updated: 2024-08-07 10:31
    VLAI KEVIntel
    Summary
    The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/6560 exploitx_refsource_EXPLOIT-DB
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/32718 vdb-entryx_refsource_BID
    http://secunia.com/advisories/32997 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/3390 vdb-entryx_refsource_VUPEN
    http://www.us-cert.gov/cas/techalerts/TA09-104A.html third-party-advisoryx_refsource_CERT
    http://www.securityfocus.com/bid/31399 vdb-entryx_refsource_BID
    http://www.microsoft.com/technet/security/advisor… x_refsource_CONFIRM
    http://milw0rm.com/sploits/2008-crash.doc.rar x_refsource_MISC
    http://securitytracker.com/id?1021376 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/4711 third-party-advisoryx_refsource_SREASON
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.vupen.com/english/advisories/2009/1024 vdb-entryx_refsource_VUPEN
    Date Public
    2008-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:31:28.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "6560",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6560"
              },
              {
                "name": "oval:org.mitre.oval:def:6050",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050"
              },
              {
                "name": "32718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32718"
              },
              {
                "name": "32997",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32997"
              },
              {
                "name": "ADV-2008-3390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3390"
              },
              {
                "name": "TA09-104A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
              },
              {
                "name": "31399",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31399"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/960906.mspx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://milw0rm.com/sploits/2008-crash.doc.rar"
              },
              {
                "name": "1021376",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021376"
              },
              {
                "name": "4711",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4711"
              },
              {
                "name": "MS09-010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"
              },
              {
                "name": "ADV-2009-1024",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008.  NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "6560",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6560"
            },
            {
              "name": "oval:org.mitre.oval:def:6050",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050"
            },
            {
              "name": "32718",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32718"
            },
            {
              "name": "32997",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32997"
            },
            {
              "name": "ADV-2008-3390",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3390"
            },
            {
              "name": "TA09-104A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "31399",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31399"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/960906.mspx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://milw0rm.com/sploits/2008-crash.doc.rar"
            },
            {
              "name": "1021376",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021376"
            },
            {
              "name": "4711",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4711"
            },
            {
              "name": "MS09-010",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"
            },
            {
              "name": "ADV-2009-1024",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-4841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008.  NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "6560",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6560"
                },
                {
                  "name": "oval:org.mitre.oval:def:6050",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6050"
                },
                {
                  "name": "32718",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32718"
                },
                {
                  "name": "32997",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32997"
                },
                {
                  "name": "ADV-2008-3390",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3390"
                },
                {
                  "name": "TA09-104A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
                },
                {
                  "name": "31399",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31399"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/960906.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/960906.mspx"
                },
                {
                  "name": "http://milw0rm.com/sploits/2008-crash.doc.rar",
                  "refsource": "MISC",
                  "url": "http://milw0rm.com/sploits/2008-crash.doc.rar"
                },
                {
                  "name": "1021376",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021376"
                },
                {
                  "name": "4711",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4711"
                },
                {
                  "name": "MS09-010",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010"
                },
                {
                  "name": "ADV-2009-1024",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-4841",
        "datePublished": "2008-12-10T13:33:00.000Z",
        "dateReserved": "2008-10-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:31:28.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }