Microsoft Office Project Remote Code Execution Vulnerability (967183) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-074.

Impact

Successful exploitation will allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted document. Impact Level: System/Apllication

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-074.mspx

Insight

This issue is due to application not properly validating resource allocations when opening Project files.

Affected

Microsoft Project 2002 Service Pack 1 Microsoft Project 2000 Service Release 1 Microsoft Office Project 2003 Service Pack 3

References

http://support.microsoft.com/kb/961079
http://support.microsoft.com/kb/961082
http://support.microsoft.com/kb/961083
http://www.microsoft.com/technet/security/bulletin/MS09-074.mspx
http://www.vupen.com/english/advisories/2009/3439

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0102
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)
Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)

Take action and discover your vulnerabilities