Vulnerability-Lookup

CVE-2009-0556 (GCVE-0-2009-0556)

Vulnerability from cvelistv5 – Published: 2009-04-03 18:00 – Updated: 2026-01-08 04:55

CISA KEV KEVintel KEV

Summary

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

microsoft

References

19 references

URL	Tags
http://www.zerodayinitiative.com/advisories/ZDI-09-019	x_refsource_MISC
http://blogs.technet.com/mmpc/archive/2009/04/02/…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1290	vdb-entryx_refsource_VUPEN
http://osvdb.org/53182	vdb-entryx_refsource_OSVDB
https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/34351	vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/0915	vdb-entryx_refsource_VUPEN
http://blogs.technet.com/msrc/archive/2009/04/02/…	x_refsource_CONFIRM
http://blogs.technet.com/srd/archive/2009/04/02/i…	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/34572	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1021967	vdb-entryx_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA09-132A.html	third-party-advisoryx_refsource_CERT
http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/627331	third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/archive/1/503453/100…	mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Date Public

2009-04-02 00:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: b3466e6b-fb19-4ca7-b26c-4e27c84a34f9

Vulnerability ID: CVE-2009-0556

Status: Confirmed

Status Updated: 2026-01-07 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2026-01-07

Asserted: 2026-01-07

Scope

Notes: KEV entry: Microsoft Office PowerPoint Code Injection Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0556

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-94
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Office
Due Date	2026-01-28
Date Added	2026-01-07
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Office PowerPoint Code Injection Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2009-0556

Created: 2026-02-02 12:25 UTC | Updated: 2026-02-06 07:17 UTC

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 072bcddf-978b-489e-ad3c-b10e4ff3429f

Vulnerability ID: CVE-2009-0556

Status: Confirmed

Status Updated: 2009-04-03 18:00 UTC

Exploited: Yes

Timestamps

First Seen: 2009-04-03

Asserted: 2009-04-03

Scope

Notes: KEVIntel entry: Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute... | Affected: Microsoft / Office PowerPoint | CVSS: 8.8 (HIGH) | EPSS: 0.67539 | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute...
Vendor	Microsoft
Product	Office PowerPoint
Added Date	2009-04-03T18:00:00.000Z
Cvss Score	8.8
Epss Score	0.67539
Cvss Severity	HIGH
Epss Percentile	0.99218
Used In Malware	unknown
Ahead Of Cisa Kev	`{ "count": 6269, "unit": "day" }`
Not Yet In Cisa Kev	False

References

Created: 2026-06-19 16:45 UTC | Updated: 2026-06-19 16:45 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
          },
          {
            "name": "ADV-2009-1290",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1290"
          },
          {
            "name": "53182",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53182"
          },
          {
            "name": "MS09-017",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
          },
          {
            "name": "powerpoint-unspecified-code-execution(49632)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
          },
          {
            "name": "34351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34351"
          },
          {
            "name": "ADV-2009-0915",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0915"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:6279",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
          },
          {
            "name": "34572",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34572"
          },
          {
            "name": "1021967",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021967"
          },
          {
            "name": "TA09-132A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
          },
          {
            "name": "VU#627331",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/627331"
          },
          {
            "name": "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:6204",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2009-0556",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-01-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-08T04:55:23.788Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-01-07T00:00:00.000Z",
            "value": "CVE-2009-0556 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
        },
        {
          "name": "ADV-2009-1290",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1290"
        },
        {
          "name": "53182",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53182"
        },
        {
          "name": "MS09-017",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
        },
        {
          "name": "powerpoint-unspecified-code-execution(49632)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
        },
        {
          "name": "34351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34351"
        },
        {
          "name": "ADV-2009-0915",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0915"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:6279",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
        },
        {
          "name": "34572",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34572"
        },
        {
          "name": "1021967",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021967"
        },
        {
          "name": "TA09-132A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
        },
        {
          "name": "VU#627331",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/627331"
        },
        {
          "name": "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:6204",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-019",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
            },
            {
              "name": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
            },
            {
              "name": "ADV-2009-1290",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1290"
            },
            {
              "name": "53182",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53182"
            },
            {
              "name": "MS09-017",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
            },
            {
              "name": "powerpoint-unspecified-code-execution(49632)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
            },
            {
              "name": "34351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34351"
            },
            {
              "name": "ADV-2009-0915",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0915"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:6279",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
            },
            {
              "name": "34572",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34572"
            },
            {
              "name": "1021967",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021967"
            },
            {
              "name": "TA09-132A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/969136.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
            },
            {
              "name": "VU#627331",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/627331"
            },
            {
              "name": "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:6204",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0556",
    "datePublished": "2009-04-03T18:00:00.000Z",
    "dateReserved": "2009-02-12T00:00:00.000Z",
    "dateUpdated": "2026-01-08T04:55:23.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2009-0556",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2026-01-07",
      "dueDate": "2026-01-28",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0556",
      "product": "Office",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Office PowerPoint Code Injection Vulnerability"
    },
    "epss": {
      "cve": "CVE-2009-0556",
      "date": "2026-06-21",
      "epss": "0.67539",
      "percentile": "0.99218"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_powerpoint:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A192BD93-8778-4CA9-BC32-18F8290BF197\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"16844C40-F012-4C19-9028-D05014EBF7D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"34C63AE5-4584-4A51-B20D-36FA6DE01C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1778A4FF-FF69-403C-A607-6777AE685A13\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \\\"Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad inespec\\u00edfica en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP3, y PowerPoint en Microsoft Office 2004 para Mac, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un fichero PowerPoint que inicia un acceso a un \\\"objeto no valido en memoria\\\", Esta siendo explotado desde Abril 2009 mediante un exploit; Win32/Apptom.gen\"}]",
      "id": "CVE-2009-0556",
      "lastModified": "2024-11-21T01:00:18.737",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-04-03T18:30:00.610",
      "references": "[{\"url\": \"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/53182\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/34572\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/627331\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/969136.mspx\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503453/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/34351\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1021967\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0915\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-019\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/53182\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/627331\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/969136.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503453/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34351\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021967\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0915\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0556\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-04-03T18:30:00.610\",\"lastModified\":\"2026-04-22T16:47:07.837\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \\\"Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad inespec\u00edfica en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP3, y PowerPoint en Microsoft Office 2004 para Mac, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero PowerPoint que inicia un acceso a un \\\"objeto no valido en memoria\\\", Esta siendo explotado desde Abril 2009 mediante un exploit; Win32/Apptom.gen\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2026-01-07\",\"cisaActionDue\":\"2026-01-28\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Office PowerPoint Code Injection Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_powerpoint:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A192BD93-8778-4CA9-BC32-18F8290BF197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"16844C40-F012-4C19-9028-D05014EBF7D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C63AE5-4584-4A51-B20D-36FA6DE01C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1778A4FF-FF69-403C-A607-6777AE685A13\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/53182\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/34572\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/627331\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/969136.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/503453/100/0/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/34351\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id?1021967\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0915\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1290\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-019\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/53182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/34572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/627331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/969136.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/503453/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/34351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id?1021967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-019\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"name\": \"ADV-2009-1290\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://osvdb.org/53182\", \"name\": \"53182\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"name\": \"MS09-017\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\", \"name\": \"powerpoint-unspecified-code-execution(49632)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/34351\", \"name\": \"34351\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0915\", \"name\": \"ADV-2009-0915\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\", \"name\": \"oval:org.mitre.oval:def:6279\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/34572\", \"name\": \"34572\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1021967\", \"name\": \"1021967\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"name\": \"TA09-132A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/969136.mspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/627331\", \"name\": \"VU#627331\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503453/100/0/threaded\", \"name\": \"20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\", \"name\": \"oval:org.mitre.oval:def:6204\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T04:40:05.099Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2009-0556\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-07T18:20:39.486841Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-01-07\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-06T21:45:09.744Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-01-07T00:00:00.000Z\", \"value\": \"CVE-2009-0556 added to CISA KEV\"}]}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2009-04-02T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-019\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"name\": \"ADV-2009-1290\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://osvdb.org/53182\", \"name\": \"53182\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"name\": \"MS09-017\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\", \"name\": \"powerpoint-unspecified-code-execution(49632)\", \"tags\": [\"vdb-entry\", \"x_refsource_XF\"]}, {\"url\": \"http://www.securityfocus.com/bid/34351\", \"name\": \"34351\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0915\", \"name\": \"ADV-2009-0915\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\", \"name\": \"oval:org.mitre.oval:def:6279\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://secunia.com/advisories/34572\", \"name\": \"34572\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://www.securitytracker.com/id?1021967\", \"name\": \"1021967\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"name\": \"TA09-132A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/969136.mspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/627331\", \"name\": \"VU#627331\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503453/100/0/threaded\", \"name\": \"20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\", \"name\": \"oval:org.mitre.oval:def:6204\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \\\"Memory Corruption Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-019\", \"name\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-019\", \"refsource\": \"MISC\"}, {\"url\": \"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\", \"name\": \"http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"name\": \"ADV-2009-1290\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://osvdb.org/53182\", \"name\": \"53182\", \"refsource\": \"OSVDB\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"name\": \"MS09-017\", \"refsource\": \"MS\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632\", \"name\": \"powerpoint-unspecified-code-execution(49632)\", \"refsource\": \"XF\"}, {\"url\": \"http://www.securityfocus.com/bid/34351\", \"name\": \"34351\", \"refsource\": \"BID\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0915\", \"name\": \"ADV-2009-0915\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\", \"name\": \"http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\", \"name\": \"http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279\", \"name\": \"oval:org.mitre.oval:def:6279\", \"refsource\": \"OVAL\"}, {\"url\": \"http://secunia.com/advisories/34572\", \"name\": \"34572\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://www.securitytracker.com/id?1021967\", \"name\": \"1021967\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"name\": \"TA09-132A\", \"refsource\": \"CERT\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/969136.mspx\", \"name\": \"http://www.microsoft.com/technet/security/advisory/969136.mspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/627331\", \"name\": \"VU#627331\", \"refsource\": \"CERT-VN\"}, {\"url\": \"http://www.securityfocus.com/archive/1/503453/100/0/threaded\", \"name\": \"20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204\", \"name\": \"oval:org.mitre.oval:def:6204\", \"refsource\": \"OVAL\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \\\"Memory Corruption Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2009-0556\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2009-0556\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-08T04:55:23.788Z\", \"dateReserved\": \"2009-02-12T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2009-04-03T18:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTA-2009-ALE-005

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité de PowerPoint permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité de PowerPoint est exploitable par un utilisateur malveillant, par le biais d'un fichier PowerPoint spécialement conçu (.PPS ou .PPT). L'ouverture de ce fichier par un utilisateur du système vulnérable provoque l'exécution de code arbitraire avec les droits de cet utilisateur.

Cette vulnérabilité est actuellement exploitée. Des programmes malveillants (Exploit:Win32/Apptom pour Microsoft, Exploit:W32/Ppdropper pour F-secure...) circulent sur l'Internet.

Contournement provisoire

Dans l'attente d'un correctif, les mesures suivantes limitent la vulnérabilité du système :

utiliser une version non vulnérable (voir section Documentation) ou un logiciel alternatif ;
utiliser l'outil MOICE pour ouvrir un document suspect ;
utiliser la fonctionnalité Microsoft Office File Block pour les documents des versions inférieures ou égales à 2003, soit par édition de la base de registre, soit par application d'une GPO. Les instructions détaillées sont données dans le bulletin Microsoft (voir section Documentation) ;
ne pas ouvrir de document d'origine mal connue ou provenant de manière inattendue d'une source connue.

L'utilisation de l'ordinateur avec des droits limités permet d'atténuer l'impact de l'exploitation de la vulnérabilité.

Solution

Se référer à l'avis CERTA-2009-AVI-185 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Office	Microsoft Office 2004 pour Mac.
	Microsoft	Office	Microsoft Office PowerPoint 2000 SP3, 2002 SP3 (XP SP3), 2003 SP3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft 969136 du 02 avril 2009	None	vendor-advisory
Avis CERTA-2009-AVI-185 du 13 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2004 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3 (XP SP3), 2003 SP3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-05-13",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de PowerPoint est exploitable par un utilisateur\nmalveillant, par le biais d\u0027un fichier PowerPoint sp\u00e9cialement con\u00e7u\n(.PPS ou .PPT). L\u0027ouverture de ce fichier par un utilisateur du syst\u00e8me\nvuln\u00e9rable provoque l\u0027ex\u00e9cution de code arbitraire avec les droits de\ncet utilisateur.\n\nCette vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e. Des programmes\nmalveillants (Exploit:Win32/Apptom pour Microsoft, Exploit:W32/Ppdropper\npour F-secure...) circulent sur l\u0027Internet.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif, les mesures suivantes limitent la\nvuln\u00e9rabilit\u00e9 du syst\u00e8me :\n\n-   utiliser une version non vuln\u00e9rable (voir section Documentation) ou\n    un logiciel alternatif ;\n-   utiliser l\u0027outil MOICE pour ouvrir un document suspect ;\n-   utiliser la fonctionnalit\u00e9 Microsoft Office File Block pour les\n    documents des versions inf\u00e9rieures ou \u00e9gales \u00e0 2003, soit par\n    \u00e9dition de la base de registre, soit par application d\u0027une GPO. Les\n    instructions d\u00e9taill\u00e9es sont donn\u00e9es dans le bulletin Microsoft\n    (voir section Documentation) ;\n-   ne pas ouvrir de document d\u0027origine mal connue ou provenant de\n    mani\u00e8re inattendue d\u0027une source connue.\n\nL\u0027utilisation de l\u0027ordinateur avec des droits limit\u00e9s permet d\u0027att\u00e9nuer\nl\u0027impact de l\u0027exploitation de la vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 l\u0027avis CERTA-2009-AVI-185 pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2009-AVI-185 du 13 mai 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-185/index.html"
    }
  ],
  "reference": "CERTA-2009-ALE-005",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-03T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 disposition d\u0027un correctif par l\u0027\u00e9diteur, ajout de la r\u00e9f\u00e9rence de l\u0027avis correspondant.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de PowerPoint permet \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de PowerPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 969136 du 02 avril 2009",
      "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
    }
  ]
}

CERTA-2009-ALE-005

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité de PowerPoint permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Cette vulnérabilité est actuellement exploitée. Des programmes malveillants (Exploit:Win32/Apptom pour Microsoft, Exploit:W32/Ppdropper pour F-secure...) circulent sur l'Internet.

Contournement provisoire

Dans l'attente d'un correctif, les mesures suivantes limitent la vulnérabilité du système :

utiliser une version non vulnérable (voir section Documentation) ou un logiciel alternatif ;
utiliser l'outil MOICE pour ouvrir un document suspect ;
utiliser la fonctionnalité Microsoft Office File Block pour les documents des versions inférieures ou égales à 2003, soit par édition de la base de registre, soit par application d'une GPO. Les instructions détaillées sont données dans le bulletin Microsoft (voir section Documentation) ;
ne pas ouvrir de document d'origine mal connue ou provenant de manière inattendue d'une source connue.

L'utilisation de l'ordinateur avec des droits limités permet d'atténuer l'impact de l'exploitation de la vulnérabilité.

Solution

Se référer à l'avis CERTA-2009-AVI-185 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Office	Microsoft Office 2004 pour Mac.
	Microsoft	Office	Microsoft Office PowerPoint 2000 SP3, 2002 SP3 (XP SP3), 2003 SP3 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft 969136 du 02 avril 2009	None	vendor-advisory
Avis CERTA-2009-AVI-185 du 13 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2004 pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3 (XP SP3), 2003 SP3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-05-13",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de PowerPoint est exploitable par un utilisateur\nmalveillant, par le biais d\u0027un fichier PowerPoint sp\u00e9cialement con\u00e7u\n(.PPS ou .PPT). L\u0027ouverture de ce fichier par un utilisateur du syst\u00e8me\nvuln\u00e9rable provoque l\u0027ex\u00e9cution de code arbitraire avec les droits de\ncet utilisateur.\n\nCette vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e. Des programmes\nmalveillants (Exploit:Win32/Apptom pour Microsoft, Exploit:W32/Ppdropper\npour F-secure...) circulent sur l\u0027Internet.\n\n## Contournement provisoire\n\nDans l\u0027attente d\u0027un correctif, les mesures suivantes limitent la\nvuln\u00e9rabilit\u00e9 du syst\u00e8me :\n\n-   utiliser une version non vuln\u00e9rable (voir section Documentation) ou\n    un logiciel alternatif ;\n-   utiliser l\u0027outil MOICE pour ouvrir un document suspect ;\n-   utiliser la fonctionnalit\u00e9 Microsoft Office File Block pour les\n    documents des versions inf\u00e9rieures ou \u00e9gales \u00e0 2003, soit par\n    \u00e9dition de la base de registre, soit par application d\u0027une GPO. Les\n    instructions d\u00e9taill\u00e9es sont donn\u00e9es dans le bulletin Microsoft\n    (voir section Documentation) ;\n-   ne pas ouvrir de document d\u0027origine mal connue ou provenant de\n    mani\u00e8re inattendue d\u0027une source connue.\n\nL\u0027utilisation de l\u0027ordinateur avec des droits limit\u00e9s permet d\u0027att\u00e9nuer\nl\u0027impact de l\u0027exploitation de la vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 l\u0027avis CERTA-2009-AVI-185 pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2009-AVI-185 du 13 mai 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-185/index.html"
    }
  ],
  "reference": "CERTA-2009-ALE-005",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-03T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 disposition d\u0027un correctif par l\u0027\u00e9diteur, ajout de la r\u00e9f\u00e9rence de l\u0027avis correspondant.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de PowerPoint permet \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de PowerPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 969136 du 02 avril 2009",
      "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
    }
  ]
}

CERTA-2009-AVI-185

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Office PowerPoint permettant l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Microsoft Office PowerPoint permettent à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'un fichier spécialement conçu.

L'une des vulnérabilités corrigées est exploitée sur l'Internet et a fait l'objet de l'alerte CERTA-2009-ALE-005.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les mises à jour pour Mac et Microsoft Works seront disponnibles prochainement.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 1 ;
Microsoft	N/A	PowerPoint Viewer 2003 ;
Microsoft	Office	Microsoft Office PowerPoint 2002 Service Pack 3 ;
Microsoft	Office	Microsoft Office PowerPoint 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	N/A	Microsoft Works 9.0.
Microsoft	N/A	Microsoft Works 8.5 ;
Microsoft	Office	Microsoft Office PowerPoint 2000 Service Pack 3 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 1 ;
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	Convertisseur de formats de fichier Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-017 du 12 mai 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 9.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 8.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de formats de fichier Open XML pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office PowerPoint permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nau moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n\nL\u0027une des vuln\u00e9rabilit\u00e9s corrig\u00e9es est exploit\u00e9e sur l\u0027Internet et a\nfait l\u0027objet de l\u0027alerte CERTA-2009-ALE-005.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les mises \u00e0 jour pour Mac et\nMicrosoft Works seront disponnibles prochainement.\n",
  "cves": [
    {
      "name": "CVE-2009-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0227"
    },
    {
      "name": "CVE-2009-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0225"
    },
    {
      "name": "CVE-2009-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1128"
    },
    {
      "name": "CVE-2009-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0226"
    },
    {
      "name": "CVE-2009-0220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0220"
    },
    {
      "name": "CVE-2009-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1129"
    },
    {
      "name": "CVE-2009-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1130"
    },
    {
      "name": "CVE-2009-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0224"
    },
    {
      "name": "CVE-2009-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"
    },
    {
      "name": "CVE-2009-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1137"
    },
    {
      "name": "CVE-2009-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0222"
    },
    {
      "name": "CVE-2009-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0221"
    },
    {
      "name": "CVE-2009-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1131"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-017.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-185",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eMicrosoft Office\nPowerPoint\u003c/span\u003e permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft PowerPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-017 du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-185

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Office PowerPoint permettant l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Microsoft Office PowerPoint permettent à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'un fichier spécialement conçu.

L'une des vulnérabilités corrigées est exploitée sur l'Internet et a fait l'objet de l'alerte CERTA-2009-ALE-005.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les mises à jour pour Mac et Microsoft Works seront disponnibles prochainement.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 1 ;
Microsoft	N/A	PowerPoint Viewer 2003 ;
Microsoft	Office	Microsoft Office PowerPoint 2002 Service Pack 3 ;
Microsoft	Office	Microsoft Office PowerPoint 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	N/A	Microsoft Works 9.0.
Microsoft	N/A	Microsoft Works 8.5 ;
Microsoft	Office	Microsoft Office PowerPoint 2000 Service Pack 3 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 1 ;
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	Convertisseur de formats de fichier Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-017 du 12 mai 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 9.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 8.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de formats de fichier Open XML pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office PowerPoint permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nau moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n\nL\u0027une des vuln\u00e9rabilit\u00e9s corrig\u00e9es est exploit\u00e9e sur l\u0027Internet et a\nfait l\u0027objet de l\u0027alerte CERTA-2009-ALE-005.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les mises \u00e0 jour pour Mac et\nMicrosoft Works seront disponnibles prochainement.\n",
  "cves": [
    {
      "name": "CVE-2009-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0227"
    },
    {
      "name": "CVE-2009-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0225"
    },
    {
      "name": "CVE-2009-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1128"
    },
    {
      "name": "CVE-2009-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0226"
    },
    {
      "name": "CVE-2009-0220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0220"
    },
    {
      "name": "CVE-2009-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1129"
    },
    {
      "name": "CVE-2009-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1130"
    },
    {
      "name": "CVE-2009-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0224"
    },
    {
      "name": "CVE-2009-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"
    },
    {
      "name": "CVE-2009-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1137"
    },
    {
      "name": "CVE-2009-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0222"
    },
    {
      "name": "CVE-2009-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0221"
    },
    {
      "name": "CVE-2009-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1131"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-017.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-185",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eMicrosoft Office\nPowerPoint\u003c/span\u003e permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft PowerPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-017 du 12 mai 2009",
      "url": null
    }
  ]
}

FKIE_CVE-2009-0556

Vulnerability from fkie_nvd - Published: 2009-04-03 18:30 - Updated: 2026-06-16 23:05

CISA KEV KEVintel KEV

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx	Vendor Advisory
secure@microsoft.com	http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx	Vendor Advisory
secure@microsoft.com	http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx	Vendor Advisory
secure@microsoft.com	http://osvdb.org/53182	Broken Link
secure@microsoft.com	http://secunia.com/advisories/34572	Vendor Advisory
secure@microsoft.com	http://www.kb.cert.org/vuls/id/627331	US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/969136.mspx	Patch, Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/503453/100/0/threaded	Broken Link
secure@microsoft.com	http://www.securityfocus.com/bid/34351	Broken Link
secure@microsoft.com	http://www.securitytracker.com/id?1021967	Broken Link
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-132A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/0915	Vendor Advisory
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1290	Broken Link
secure@microsoft.com	http://www.zerodayinitiative.com/advisories/ZDI-09-019	Third Party Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017	Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/49632	Third Party Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204	Broken Link
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53182	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34572	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/627331	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/969136.mspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/503453/100/0/threaded	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34351	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021967	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-132A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0915	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1290	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-09-019	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49632	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279	Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	office_powerpoint	2004
microsoft	powerpoint	2000
microsoft	powerpoint	2002
microsoft	powerpoint	2003

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "cisaActionDue": "2026-01-28",
  "cisaExploitAdd": "2026-01-07",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Office PowerPoint Code Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "A192BD93-8778-4CA9-BC32-18F8290BF197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16844C40-F012-4C19-9028-D05014EBF7D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "34C63AE5-4584-4A51-B20D-36FA6DE01C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "1778A4FF-FF69-403C-A607-6777AE685A13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad inespec\u00edfica en Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP3, y PowerPoint en Microsoft Office 2004 para Mac, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero PowerPoint que inicia un acceso a un \"objeto no valido en memoria\", Esta siendo explotado desde Abril 2009 mediante un exploit; Win32/Apptom.gen"
    }
  ],
  "id": "CVE-2009-0556",
  "lastModified": "2026-06-16T23:05:17.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2009-0556",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-01-07T00:00:00+00:00",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2009-04-03T18:30:00.610",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/53182"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34572"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/627331"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/34351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id?1021967"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0915"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/53182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/627331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/34351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id?1021967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-W25V-2MF8-86HR

Vulnerability from github – Published: 2022-05-02 03:16 – Updated: 2026-01-07 21:31

Details

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0556"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-03T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\"",
  "id": "GHSA-w25v-2mf8-86hr",
  "modified": "2026-01-07T21:31:35Z",
  "published": "2022-05-02T03:16:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0556"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53182"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34572"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/627331"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34351"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021967"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0915"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2009-0556

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0556

Aliases

CVE-2009-0556

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0556",
    "description": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\"",
    "id": "GSD-2009-0556"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0556"
      ],
      "details": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\"",
      "id": "GSD-2009-0556",
      "modified": "2023-12-13T01:19:43.845415Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-0556",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-019",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
          },
          {
            "name": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
          },
          {
            "name": "ADV-2009-1290",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1290"
          },
          {
            "name": "53182",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53182"
          },
          {
            "name": "MS09-017",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
          },
          {
            "name": "powerpoint-unspecified-code-execution(49632)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
          },
          {
            "name": "34351",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34351"
          },
          {
            "name": "ADV-2009-0915",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0915"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
          },
          {
            "name": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:6279",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
          },
          {
            "name": "34572",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34572"
          },
          {
            "name": "1021967",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021967"
          },
          {
            "name": "TA09-132A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/969136.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
          },
          {
            "name": "VU#627331",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/627331"
          },
          {
            "name": "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:6204",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_powerpoint:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0556"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx"
            },
            {
              "name": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/969136.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx"
            },
            {
              "name": "34351",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34351"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx"
            },
            {
              "name": "VU#627331",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/627331"
            },
            {
              "name": "1021967",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021967"
            },
            {
              "name": "53182",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53182"
            },
            {
              "name": "ADV-2009-0915",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0915"
            },
            {
              "name": "34572",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34572"
            },
            {
              "name": "ADV-2009-1290",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1290"
            },
            {
              "name": "TA09-132A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-019",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019"
            },
            {
              "name": "powerpoint-unspecified-code-execution(49632)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632"
            },
            {
              "name": "oval:org.mitre.oval:def:6279",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279"
            },
            {
              "name": "oval:org.mitre.oval:def:6204",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204"
            },
            {
              "name": "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded"
            },
            {
              "name": "MS09-017",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:50Z",
      "publishedDate": "2009-04-03T18:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0556 (GCVE-0-2009-0556)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

CERTA-2009-ALE-005

Description

Contournement provisoire

Solution

CERTA-2009-ALE-005

Description

Contournement provisoire

Solution

CERTA-2009-AVI-185

Description

Solution

CERTA-2009-AVI-185

Description

Solution

FKIE_CVE-2009-0556

GHSA-W25V-2MF8-86HR

GSD-2009-0556

Tags

Sightings

Nomenclature