CVSS: 9.3EPSS: 85%CPEs: 3EXPL: 0CVE-2009-0227
https://notcve.org/view.php?id=CVE-2009-0227
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137. Un desbordamiento de búfer en la región stack de la memoria en el filtro de conversión de PowerPoint versión 4.2 (biblioteca PP4X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un gran número de estructuras en datos de sonido en un archivo que utiliza un formato de archivo nativo de PowerPoint versión 4.0, conllevando a una corrupción de memoria, también se conoce como "Legacy File Format Vulnerability", una vulnerabilidad diferente a los CVE-2009-0222, CVE-2009-0223, CVE-2009-0226 y CVE-2009-1137. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=787 http://osvdb.org/54384 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34882 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6239 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 85%CPEs: 3EXPL: 0CVE-2009-1129
https://notcve.org/view.php?id=CVE-2009-1129
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128. Múltiples desbordamientos de búfer en la región stack de la memoria en el importador de PowerPoint 95 (biblioteca PP7X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una longitud de registro inconsistente en datos de sonido en un archivo que utiliza un formato de archivo nativo de PowerPoint 95 (PPT95), también se conoce como "PP7 Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2009-1128. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=791 http://osvdb.org/54387 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34839 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6176 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 3EXPL: 0CVE-2009-1137
https://notcve.org/view.php?id=CVE-2009-1137
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227. Microsoft Office PowerPoint 2000 SP3, 2002 SP3, y 2003 SP3 permite a atacantes remotos ejecutar código de su elección a través de datos de sonido manipulados en un fichero que utiliza un formato de fichero nativo en PowerPoint 4.0, que lleva a una corrupción de memoria, también conocido como "Vulnerabilidad de formato de fichero legado" una vulnerabilidad diferente a VE-2009-0222, CVE-2009-0223, CVE-2009-0226, y CVE-2009-0227. • http://osvdb.org/54381 http://secunia.com/advisories/32428 http://www.securityfocus.com/bid/34876 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/50425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 3EXPL: 0CVE-2009-1130 – Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1130
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability." Un desbordamiento de búfer en la región heap de la memoria en Office PowerPoint 2002 SP3 y 2003 SP3, y PowerPoint en Office 2004 para Mac, de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura diseñada en un contenedor de Notes en un archivo de PowerPoint que causa que PowerPoint lea más datos de los que se asignaron al crear un objeto C++, conllevando a una sobrescritura de un puntero de función, también se conoce como "Heap Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office's PowerPoint. User interaction is required to exploit this vulnerability in that the target must open up a malicious file. The vulnerability exists within the parsing of certain structures inside a Notes container. During population of a C++ object when reading the Notes container, Powerpoint incorrectly reads more data than was allocated for overwriting a function pointer for the object which is later used in a call from mso.dll. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794 http://secunia.com/advisories/32428 http://www.securityfocus.com/archive/1/503454 http://www.securityfocus.com/bid/34840 http://www.securitytracker.com/id?1022205 http://www.us-cert.gov/cas/techalerts/TA09-132A.html http://www.vupen.com/english/advisories/2009/1290 http://www.zerodayinitiative.com/advisories/ZDI-09-020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 9EXPL: 0CVE-2009-0100
https://notcve.org/view.php?id=CVE-2009-0100
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, y 2007 SP1; Excel en Microsoft Office 2004 y 2008 para Mac; Microsoft Office Excel Viewer y Excel Viewer 2003 SP3; y Microsoft Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 no parsea adecuadamente el fichero con formato de hoja de cálculo Excel, lo cual permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo manipulada que contiene un objeto mal formado, también conocido como "Vulnerabilidad de corrupción de memoria". • http://osvdb.org/53665 http://www.fortiguardcenter.com/advisory/FGA-2009-16.html http://www.securityfocus.com/archive/1/502696/100/0/threaded http://www.securitytracker.com/id?1022039 http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://www.vupen.com/english/advisories/2009/1023 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6043 • CWE-399: Resource Management Errors •