CVE-2009-0102

CVE Database · CVE-2009-0102

CVE-2009-0102

· N/AModified

CVSS v3.1

N/A

EPSS

23.50%

Published

Dec 9, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

Weaknesses (CWE)

CWE-399

Affected Products (7)

microsoft · office_projectvulnerable

microsoft · project_portfolio_servervulnerable

microsoft · project_servervulnerable

References (6)

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-074

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6298

http://www.us-cert.gov/cas/techalerts/TA09-342A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-074

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6298

KEV Catalog EPSS Scores Vendors All CVEs