CVE-2009-0220
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
Múltiples desbordamientos de búfer en la región stack de la memoria en el importador de PowerPoint versión 4.0 (biblioteca PP4X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de datos de formato diseñados para párrafos en un archivo que utiliza un formato de archivo nativo de PowerPoint versión 4.0 , relacionado con (1) un cálculo incorrecto a partir de un encabezado record, o (2) un interget que se utiliza para especificar el número de bytes a copiar, también se conoce como "Legacy File Format Vulnerability".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-01-20 CVE Reserved
- 2009-05-12 CVE Published
- 2024-05-25 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=790 | Third Party Advisory | |
| http://osvdb.org/54386 | Vdb Entry | |
| http://www.securityfocus.com/bid/34833 | Vdb Entry | |
| http://www.securitytracker.com/id?1022205 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-132A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5610 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32428 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2009/1290 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Powerpoint Search vendor "Microsoft" for product "Office Powerpoint" | 2000 Search vendor "Microsoft" for product "Office Powerpoint" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Powerpoint Search vendor "Microsoft" for product "Office Powerpoint" | 2002 Search vendor "Microsoft" for product "Office Powerpoint" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Powerpoint Search vendor "Microsoft" for product "Office Powerpoint" | 2003 Search vendor "Microsoft" for product "Office Powerpoint" and version "2003" | sp3 |
Affected
| ||||||