TROYANOSYVIRUS
Voltar para CVEs

CVE-2009-0556

HIGHCISA KEV
8.8

Descricao

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Detalhes CVE

Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado4/3/2009
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft
ProdutoOffice
Nome da vulnerabilidadeMicrosoft Office PowerPoint Code Injection Vulnerability
Data inclusao KEV2026-01-07
Prazo de remediacao2026-01-28
Uso em ransomwareUnknown

Produtos afetados

microsoft:office_powerpointmicrosoft:powerpoint

Fraquezas (CWE)

CWE-94CWE-94

Referencias

http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx(secure@microsoft.com)
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx(secure@microsoft.com)
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx(secure@microsoft.com)
http://osvdb.org/53182(secure@microsoft.com)
http://secunia.com/advisories/34572(secure@microsoft.com)
http://www.kb.cert.org/vuls/id/627331(secure@microsoft.com)
http://www.microsoft.com/technet/security/advisory/969136.mspx(secure@microsoft.com)
http://www.securityfocus.com/archive/1/503453/100/0/threaded(secure@microsoft.com)
http://www.securityfocus.com/bid/34351(secure@microsoft.com)
http://www.securitytracker.com/id?1021967(secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA09-132A.html(secure@microsoft.com)
http://www.vupen.com/english/advisories/2009/0915(secure@microsoft.com)
http://www.vupen.com/english/advisories/2009/1290(secure@microsoft.com)
http://www.zerodayinitiative.com/advisories/ZDI-09-019(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017(secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49632(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204(secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279(secure@microsoft.com)
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/53182(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34572(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/627331(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/969136.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/503453/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/34351(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021967(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA09-132A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0915(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1290(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-09-019(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49632(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.