← back
CVE-2009-0556

CVE-2009-0556

CVSS 8.8 HIGHEPSS 67.5%● KEVCWE-94
In short

A flaw in Microsoft PowerPoint allows attackers to run malicious code by sending a specially crafted PowerPoint file that corrupts memory when opened. This can give attackers full control of your computer.

Technical detail

CVE-2009-0556 is a memory corruption vulnerability in PowerPoint 2000-2003 (and Mac Office 2004) triggered by a malformed OutlineTextRefAtom with an invalid index value in a .ppt file. The attack requires user interaction (opening the file) and results in arbitrary code execution with user privileges. This was actively exploited by Exploit:Win32/Apptom.gen in April 2009.

Summary generated and translated by AI from the official description.
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspxhttp://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspxhttp://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspxhttp://osvdb.org/53182https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017http://secunia.com/advisories/34572https://exchange.xforce.ibmcloud.com/vulnerabilities/49632https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556http://www.kb.cert.org/vuls/id/627331http://www.microsoft.com/technet/security/advisory/969136.mspx