Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0565

CWE-119Buffer Overflow5 documents4 sources
Severity
9.3CRITICAL
EPSS
78.7%
top 0.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft OfficeMicrosoft Office WordMicrosoft Office Word Viewer
Timeline
PublishedJun 10
Latest updateMay 2

Description

Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/office_word4 versions+3
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-vrc7-xp75-mp3c: Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Conver2022-05-02
CVEList
CVE-2009-0565: Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Conver2009-06-10

💥Exploits & PoCs

2
Exploit-DB
Microsoft Word 2003 - Record Parsing Buffer Overflow (MS09-027) (Metasploit)2011-04-16
Exploit-DB
Microsoft Word - Record Parsing Buffer Overflow (MS09-027)2010-08-20
CVE-2009-0565 (CRITICAL CVSS 9.3) | Buffer overflow in Microsoft Office | cvebase.io