CVE-2009-2506

Metadata

CVE-2009-2506
9.3
labs.idefense.com, support.avaya.com, microsoft.com, securityfocus.com, us-cert.gov
2009-12-09
2017-09-21 21:08

Description

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.

Related Vulnerabilities