Unrated severityNVD Advisory· Published Dec 9, 2009· Updated Apr 23, 2026

CVE-2009-0102

Description

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

Affected products

Microsoft/Office Project2 versions
cpe:2.3:a:microsoft:office_project:2007:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office_project:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_project:2007:sp2:*:*:*:*:*:*
Microsoft/Project Portfolio Server2 versions
cpe:2.3:a:microsoft:project_portfolio_server:2007:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:project_portfolio_server:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project_portfolio_server:2007:sp2:*:*:*:*:*:*
Microsoft/Project Server3 versions
cpe:2.3:a:microsoft:project_server:2003:sp3:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:project_server:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project_server:2007:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:project_server:2007:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.038
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000