返回 CVE 浏览器

CVE-2009-0556

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score64.1720%

EPSS Percentile88.01th

Published2009年4月3日

Last Modified2026年4月22日

Vulnerability Description

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Office Powerpoint

= 2004

📦

Microsoft

Powerpoint

= 2000

📦

Microsoft

Powerpoint

= 2002

📦

Microsoft

Powerpoint

= 2003

References & Advisories

🔗 http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx

🔗 http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx

🔗 http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx

🔗 http://osvdb.org/53182

🔗 http://secunia.com/advisories/34572

🔗 http://www.kb.cert.org/vuls/id/627331

🔗 http://www.microsoft.com/technet/security/advisory/969136.mspx

🔗 http://www.securityfocus.com/archive/1/503453/100/0/threaded

相关漏洞威胁

CVE-2019-50199.8

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Co...

CVE-2006-46949.3

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to exec...

CVE-2006-15409.3

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service an...

CVE-2006-34359.3

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a do...