// For flags

CVE-2009-0221

 

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."

Desbordamiento de entero en Microsoft Office PowerPoint 2002 SP3 y 2003 SP3 permite a atacantes remotos ejecutar código de su elección a través un tipo de registro inválido en un fichero PowerPoint que lanza una corrupción de memoria, también conocido como "Vulnerabilidad de desbordamiento de entero".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-01-20 CVE Reserved
  • 2009-05-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Office Powerpoint
Search vendor "Microsoft" for product "Office Powerpoint"
2002
Search vendor "Microsoft" for product "Office Powerpoint" and version "2002"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Office Powerpoint
Search vendor "Microsoft" for product "Office Powerpoint"
2003
Search vendor "Microsoft" for product "Office Powerpoint" and version "2003"
sp3
Affected