CVE-2009-2518Out-of-bounds Write in Microsoft Office

CWE-1892 documents2 sources
Severity
9.3CRITICALNVD
EPSS
53.2%
top 2.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office
Timeline
PublishedOct 14
Latest updateMay 2

Description

Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-j2jw-vxpm-g78j: Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) i2022-05-02
CVE-2009-2518 — Out-of-bounds Write in Microsoft Office | cvebase