CVSS: 9.3EPSS: 54%CPEs: 3EXPL: 0CVE-2009-1128
https://notcve.org/view.php?id=CVE-2009-1128
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129. Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP permite a atacantes remotos ejecutar código de su eleccióna través de datos de sonido manipulados en un fichero que utiliza un formato de fichero nativo en PowerPoint 95, que lleva a una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria PP7" una vulnerabilidad diferente a CVE-2009-1129. • http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34837 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5416 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 91%CPEs: 3EXPL: 0CVE-2009-1129
https://notcve.org/view.php?id=CVE-2009-1129
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128. Múltiples desbordamientos de búfer en la región stack de la memoria en el importador de PowerPoint 95 (biblioteca PP7X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una longitud de registro inconsistente en datos de sonido en un archivo que utiliza un formato de archivo nativo de PowerPoint 95 (PPT95), también se conoce como "PP7 Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2009-1128. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=791 http://osvdb.org/54387 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34839 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6176 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 1EXPL: 0CVE-2009-1131
https://notcve.org/view.php?id=CVE-2009-1131
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability." Múltiples desbordamientos del búfer basados en pila en Microsoft Office PowerPoint 2000 SP3 permite a atacantes remotos ejecutar código de su elección a través de una cantidad grande de datos asociados con átomos sin especificar en un fichero PowerPoint que provoca una corrupción de memoria, también conocido como "Vulnerabilidad de datos fuera de los límites" • http://osvdb.org/54393 http://secunia.com/advisories/32428 http://secunia.com/secunia_research/2008-46 http://www.securityfocus.com/archive/1/503451 http://www.securityfocus.com/bid/34841 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 0CVE-2009-1137
https://notcve.org/view.php?id=CVE-2009-1137
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227. Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP3 permite a atacantes remotos ejecutar código de su elección a través de datos de sonido manipulados en un fichero que utiliza un formato de fichero nativo en PowerPoint 4.0, que lleva a una corrupción de memoria, también conocido como "Vulnerabilidad de formato de fichero legado" una vulnerabilidad diferente a VE-2009-0222, CVE-2009-0223, CVE-2009-0226, y CVE-2009-0227. • http://osvdb.org/54381 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34876 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/50425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 83%CPEs: 3EXPL: 0CVE-2009-1130 – Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1130
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability." Un desbordamiento de búfer en la región heap de la memoria en Office PowerPoint 2002 SP3 y 2003 SP3, y PowerPoint en Office 2004 para Mac, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura diseñada en un contenedor de Notes en un archivo de PowerPoint que causa que PowerPoint lea más datos de los que se asignaron al crear un objeto C++, conllevando a una sobrescritura de un puntero de función, también se conoce como "Heap Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office's PowerPoint. User interaction is required to exploit this vulnerability in that the target must open up a malicious file. The vulnerability exists within the parsing of certain structures inside a Notes container. During population of a C++ object when reading the Notes container, Powerpoint incorrectly reads more data than was allocated for overwriting a function pointer for the object which is later used in a call from mso.dll. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794 http://secunia.com/advisories/32428 http://www.securityfocus.com/archive/1/503454 http://www.securityfocus.com/bid/34840 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 http://www.zerodayinitiative.com/advisories/ZDI-09-020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •