← Retour aux CVEs
CVE-2009-0556
HIGHCISA KEV8.8
Description
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie4/3/2009
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitOffice
Nom vulnerabiliteMicrosoft Office PowerPoint Code Injection Vulnerability
Date ajout KEV2026-01-07
Date limite remediation2026-01-28
Utilise dans ransomwareUnknown
Produits affectes
microsoft:office_powerpointmicrosoft:powerpoint
Faiblesses (CWE)
CWE-94CWE-94
References
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx(secure@microsoft.com)
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx(secure@microsoft.com)
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx(secure@microsoft.com)
http://osvdb.org/53182(secure@microsoft.com)
http://secunia.com/advisories/34572(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/627331(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/969136.mspx(secure@microsoft.com)
http://www.securityfocus.com/archive/1/503453/100/0/threaded(secure@microsoft.com)
http://www.securityfocus.com/bid/34351(secure@microsoft.com)
http://www.securitytracker.com/id?1021967(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA09-132A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2009/0915(secure@microsoft.com)
http://www.vupen.com/english/advisories/2009/1290(secure@microsoft.com)
http://www.zerodayinitiative.com/advisories/ZDI-09-019(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49632(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279(secure@microsoft.com)
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/53182(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34572(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/627331(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/969136.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/503453/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/34351(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021967(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA09-132A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0915(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1290(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-09-019(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49632(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.