Microsoft Office Art Property Table Memory Corruption

Added: 10/22/2009
CVE: CVE-2009-2528
BID: 36650
OSVDB: 58869


Microsoft Office is a package that provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. MS Office XP (2002) and MS Office 2000 use the Microsoft Windows GDI+ Application Programming Interface (API) to produce graphics and formatted text on both the video display and the printer instead of accessing graphics hardware directly.


A memory corruption vulnerability in the way MS Office handles malformed objects in Office Art Property Tables allows remote attackers to execute arbitrary code when a user opens a specially crafted Office document.


Apply the patches referenced in Microsoft Security Bulletin 09-062.



Exploit works on MS Office Word 2002 SP3.

User must open the exploit file in MS Office Word.

The CPAN modules IO::Uncompress and Compress::Zlib are required by this exploit in order to compress the data transfered from the exploit web server.



Back to exploit index