Vigil@nce - Microsoft Project: code execution - vulnerability bulletin CVE-2009-0102


we track for your security since 1999

resources

Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability bulletin CVE-2009-0102 Microsoft Project: code execution
Synthesis of the vulnerability

An attacker can invite the victim to open a malicious file with Microsoft Project in order to execute code in his computer.

Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 09/12/2009.

Impacted products

Microsoft Office Project versions

Description of the vulnerability

When the victim opens a malicious Microsoft Project file, an allocation error occurs and corrupts the memory.

Technical details are unknown.

An attacker can thus invite the victim to open a malicious file with Microsoft Project in order to execute code in his computer.

Characteristics

Title: Microsoft Project: code execution
Identifiers: 967183, BID-37211, CVE-2009-0102, MS09-074, VIGILANCE-VUL-9248.
Url: https://vigilance.fr/tree/1/9248

Information sources

Publications and announces
Source example: MS09-074 - Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

Solutions for this vulnerability

Patch or workaround