Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-0102 | First vendor Publication | 2009-12-09 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0102 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6298 | |||
Oval ID: | oval:org.mitre.oval:def:6298 | ||
Title: | Project Memory Validation Vulnerability | ||
Description: | Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0102 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Project 2000 Microsoft Project 2002 Microsoft Project 2003 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 | |
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-14 | Name : Microsoft Office Project Remote Code Execution Vulnerability (967183) File : nvt/secpod_ms09-074.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60830 | Microsoft Office Project File Handling Memory Validation Arbitrary Code Execu... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-12-10 | IAVM : 2009-A-0129 - Microsoft Windows Office Project Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0022099 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50823 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50822 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50821 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50820 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50819 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50818 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50817 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50816 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50815 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50814 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50813 - Revision : 1 - Type : FILE-OFFICE |
2019-08-30 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 50812 - Revision : 1 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Project file parsing arbitrary memory access attempt RuleID : 16328 - Revision : 13 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-08 | Name : Arbitrary code can be executed on the remote host through Microsoft Project. File : smb_nt_ms09-074.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:09:00 |
|
2021-04-22 01:09:21 |
|
2020-05-23 00:23:12 |
|
2018-10-13 00:22:46 |
|
2017-09-29 09:24:01 |
|
2016-04-26 18:33:07 |
|
2014-02-17 10:48:18 |
|
2014-01-19 21:25:34 |
|
2013-11-11 12:38:10 |
|
2013-05-10 23:41:50 |
|