CVE-2009-0102 — Microsoft Office Project vulnerability

CWE-3994 documents4 sources

Severity

9.3CRITICALNVD

EPSS

47.2%

top 2.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Project Microsoft Project Portfolio Server Microsoft Project Server

Timeline

PublishedDec 9

Latest updateMay 2

Description

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/office_project2007

▶NVDmicrosoft/project_server2003, 2007+1

▶NVDmicrosoft/project_portfolio_server2007

🔴Vulnerability Details

GHSA

GHSA-4m9h-cpwq-g6hj: Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remot↗2022-05-02

▶

CVEList

CVE-2009-0102: Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remot↗2009-12-09

▶

💥Exploits & PoCs

Exploit-DB

Achievo 1.3.4 - SQL Injection↗2009-10-14

▶