← Back

CVE-2009-2528

nvd nist
Published: Oct 14, 2009Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Affected (56)

Microsoft
26 products
Windows 2003 Server
Windows Server 2008
Windows Vista
Windows Xp
.net Framework
Internet Explorer
Sql Server
Sql Server Reporting Services
Excel Viewer
Expression Web
Office
Office Compatibility Pack
Office Excel Viewer
Office Groove
Office Powerpoint Viewer
Office Word Viewer
Project
Visio
Word Viewer
Works
Platform Sdk
Report Viewer
Visual Studio
Visual Studio .net
Forefront Client Security
Visual Foxpro
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows 2003 Server
All versions
Windows 2003 Server
All versions
Windows 2003 Server
All versions
Microsoft
Windows Server 2008
All versions
Windows Server 2008
All versions
Windows Server 2008
All versions
Microsoft
Windows Vista
All versions
Windows Vista
All versions
Windows Vista
All versions
Microsoft
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
.net Framework
Version 1.1 sp1
.net Framework
Version 2.0 sp1
.net Framework
Version 2.0 sp2
Internet Explorer
Version 6 sp1
Configuration C
7 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Sql Server
Version 2005 sp2
Sql Server
Version 2005 sp2
Sql Server
Version 2005 sp2
Sql Server
Version 2005 sp3
Sql Server
Version 2005 sp3
Sql Server
Version 2005 sp3
Sql Server Reporting Services
Version 2000 sp2
Configuration D
22 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Excel Viewer
Version 2003
Excel Viewer
Version 2003 sp3
Microsoft
Expression Web
All versions
Expression Web
Version 2
Microsoft
Office
Version 2003 sp3
Office
Version 2007 sp1
Office
Version 2007 sp2
Office
Version xp
Microsoft
Office Compatibility Pack
Version 2007 sp1
Office Compatibility Pack
Version 2007 sp2
Office Excel Viewer
All versions
Microsoft
Office Groove
Version 2007
Office Groove
Version 2007 sp1
Microsoft
Office Powerpoint Viewer
All versions
Office Powerpoint Viewer
Version 2007 sp1
Office Powerpoint Viewer
Version 2007 sp2
Office Word Viewer
All versions
Project
Version 2002 sp1
Visio
Version 2002 sp2
Microsoft
Word Viewer
Version 2003
Word Viewer
Version 2003 sp3
Works
Version 8.5
Configuration E
8 vulnerable
Vulnerable SoftwareAffected Versions
Platform Sdk
All versions
Microsoft
Report Viewer
Version 2005 sp1
Report Viewer
Version 2008
Report Viewer
Version 2008 sp1
Microsoft
Visual Studio
Version 2008
Visual Studio
Version 2008 sp1
Microsoft
Visual Studio .net
Version 2003 sp1
Visual Studio .net
Version 2005 sp1
Configuration F
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Forefront Client Security
Version 1.0
Microsoft
Visual Foxpro
Version 8.0 sp1
Visual Foxpro
Version 9.0 sp2
Running on/withPlatform Versions
Microsoft
Windows 2000
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.