CVE-2009-0088

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
63.0%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: April 15, 2009 (6238 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

CWE

CWE-20

Affected Products

microsoft office converter packmicrosoft office wordmicrosoft windows 2000microsoft windows server 2003microsoft windows xp

References

🔗 labs.idefense.com 🔗 osvdb.org 🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 www.vupen.com