Vulnerabilities > CVE-2009-0102 - Resource Management Errors vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS09-074 |
bulletin_url | |
date | 2009-12-08T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 967183 |
knowledgebase_url | |
severity | Critical |
title | Vulnerability in Microsoft Office Project Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS09-074.NASL |
description | The remote host contains a version of Microsoft Project that has a vulnerability in the way it validates memory that could be used by an attacker to execute arbitrary code on the remote host. To exploit this vulnerability, an attacker would need to spend a specially crafted Project document to a user on the remote host and lure him into opening it. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43066 |
published | 2009-12-08 |
reporter | This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/43066 |
title | MS09-074: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) |
code |
|
Oval
accepted | 2012-05-28T04:02:05.809-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." | ||||||||||||||||
family | windows | ||||||||||||||||
id | oval:org.mitre.oval:def:6298 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2009-12-09T17:00:00 | ||||||||||||||||
title | Project Memory Validation Vulnerability | ||||||||||||||||
version | 8 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 37211 CVE ID: CVE-2009-0102 Project是微软Office套件中的项目管理和控制组件。 Project的winproj.exe服务在处理包含有畸形元素字段列表结构的特制Project文件时存在内存破坏漏洞。如果用户受骗打开了畸形文档,就可能触发这个漏洞,导致执行任意指令。 Microsoft Project 2003 SP3 Microsoft Project 2002 SP1 Microsoft Project 2000 SP1 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: * 不要打开从不可信任来源接收或从可信任来源意外接收到的Project文件,如带有.mpp扩展名的文件。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS09-074)以及相应补丁: MS09-074:Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) 链接:http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx?pf=true |
id | SSV:15049 |
last seen | 2017-11-19 |
modified | 2009-12-12 |
published | 2009-12-12 |
reporter | Root |
title | Microsoft Project无效资源内存分配远程代码执行漏洞(MS09-074) |
References
- http://www.us-cert.gov/cas/techalerts/TA09-342A.html
- http://www.us-cert.gov/cas/techalerts/TA09-342A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-074
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-074
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6298
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6298