CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0556

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score64.1720%
EPSS Percentile88.01th
PublishedApr 3, 2009
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office Powerpoint

= 2004
πŸ“¦
Microsoft

Powerpoint

= 2000
πŸ“¦
Microsoft

Powerpoint

= 2002
πŸ“¦
Microsoft

Powerpoint

= 2003

References & Advisories

πŸ”— http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
πŸ”— http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx
πŸ”— http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx
πŸ”— http://osvdb.org/53182
πŸ”— http://secunia.com/advisories/34572
πŸ”— http://www.kb.cert.org/vuls/id/627331
πŸ”— http://www.microsoft.com/technet/security/advisory/969136.mspx
πŸ”— http://www.securityfocus.com/archive/1/503453/100/0/threaded

Related Vulnerabilities

CVE-2019-50199.8

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Co...

CVE-2006-46949.3

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to exec...

CVE-2006-15409.3

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service an...

CVE-2006-34359.3

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a do...