Cyber Resilience

CVE-2009-0563

HighCISA KEVActive ExploitationEUVD Exploited

Published: 10 June 2009

Published
10 June 2009
Modified
22 April 2026
KEV Added
08 June 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.7992 99.1th percentile
Risk Priority 84 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2009-0563 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2009-0563 is a stack-based buffer overflow present in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1/SP2, Microsoft Office for Mac 2004 and 2008, Open XML File Format Converter for Mac, Microsoft Office Word Viewer 2003 SP3 and Word Viewer, and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2. It stems from improper handling of a crafted tag containing an invalid length field within a Word document and is tracked as CWE-787 with a CVSS 3.1 score of 7.8.

An attacker can exploit the flaw by sending a specially crafted Word document to a victim, who triggers arbitrary code execution simply by opening the file in an affected application. The attack requires no authentication and succeeds under local access conditions when user interaction occurs.

References including US-CERT TA09-160A and associated vendor bulletins direct administrators to apply the patches released by Microsoft for the listed products and to exercise caution when handling untrusted Word documents from external sources.

EU & UK References

Vulnerability details

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer;…

more

and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

CWE(s)
KEV Date Added
08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
office
2000, 2003, 2004, 2007, 2008
microsoft
office compatibility pack
2007
microsoft
office word viewer
2003, all versions
microsoft
open xml file format converter
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of vendor patches that eliminate the stack buffer overflow in the Word parsers.

prevent

Mandates validation of all input fields (including the malformed length tag) before they are processed by the application.

preventdetect

Requires malicious-code detection mechanisms that can inspect and block specially crafted Word documents before they are opened.

References