{"id":"CVE-2009-1515","details":"Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file.  NOTE: some of these details are obtained from third party information.","modified":"2025-08-09T19:01:27Z","published":"2009-05-04T16:30:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/34881"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/34745"},{"type":"WEB","url":"ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"},{"type":"WEB","url":"http://mx.gw.com/pipermail/file/2009/000379.html"},{"type":"WEB","url":"http://www.osvdb.org/54100"}],"schema_version":"1.7.3"}