CVE-2009-0563
Published: 10 June 2009
Summary
CVE-2009-0563 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2009-0563 is a stack-based buffer overflow present in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1/SP2, Microsoft Office for Mac 2004 and 2008, Open XML File Format Converter for Mac, Microsoft Office Word Viewer 2003 SP3 and Word Viewer, and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2. It stems from improper handling of a crafted tag containing an invalid length field within a Word document and is tracked as CWE-787 with a CVSS 3.1 score of 7.8.
An attacker can exploit the flaw by sending a specially crafted Word document to a victim, who triggers arbitrary code execution simply by opening the file in an affected application. The attack requires no authentication; it succeeds under local access conditions once the user opens the file.
References including US-CERT TA09-160A and associated vendor bulletins direct administrators to apply the patches released by Microsoft for the listed products and to exercise caution when handling untrusted Word documents from external sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2009-0567
Vulnerability details
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
- CWE(s)
- KEV Date Added: 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of vendor patches that eliminate the stack buffer overflow in the Word parsers.
Mandates validation of all input fields (including the malformed length tag) before they are processed by the application.
Requires malicious-code detection mechanisms that can inspect and block specially crafted Word documents before they are opened.