CVE-2009-0556

Published: Apr 3, 2009Modified: Apr 22, 2026CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Affected (4)

Products: Microsoft: Office Powerpoint, Powerpoint

2 products

Office Powerpoint

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office Powerpoint	Version 2004
Microsoft Powerpoint	Version 2000 sp3
Microsoft Powerpoint	Version 2002 sp3
Microsoft Powerpoint	Version 2003 sp3

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (37)

http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx

Source: secure@microsoft.com

Vendor Advisory

http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx

Source: secure@microsoft.com

Vendor Advisory

http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx

Source: secure@microsoft.com

Vendor Advisory

http://osvdb.org/53182

Source: secure@microsoft.com

Broken Link

http://secunia.com/advisories/34572

Source: secure@microsoft.com

Vendor Advisory

http://www.kb.cert.org/vuls/id/627331

Source: secure@microsoft.com

US Government Resource

http://www.microsoft.com/technet/security/advisory/969136.mspx

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/archive/1/503453/100/0/threaded

Source: secure@microsoft.com

Broken Link

http://www.securityfocus.com/bid/34351

Source: secure@microsoft.com

Broken Link

http://www.securitytracker.com/id?1021967

Source: secure@microsoft.com

Broken Link

http://www.us-cert.gov/cas/techalerts/TA09-132A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2009/0915

Source: secure@microsoft.com

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1290

Source: secure@microsoft.com

Broken Link

http://www.zerodayinitiative.com/advisories/ZDI-09-019

Source: secure@microsoft.com

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

Source: secure@microsoft.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49632

Source: secure@microsoft.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204

Source: secure@microsoft.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279

Source: secure@microsoft.com

Broken Link

http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/53182

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/34572

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/627331

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.microsoft.com/technet/security/advisory/969136.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/archive/1/503453/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/34351

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securitytracker.com/id?1021967

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.us-cert.gov/cas/techalerts/TA09-132A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/0915

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1290

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.zerodayinitiative.com/advisories/ZDI-09-019

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49632

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.