CVE-2009-0227
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
Un desbordamiento de búfer en la región stack de la memoria en el filtro de conversión de PowerPoint versión 4.2 (biblioteca PP4X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de un gran número de estructuras en datos de sonido en un archivo que utiliza un formato de archivo nativo de PowerPoint versión 4.0, conllevando a una corrupción de memoria, también se conoce como "Legacy File Format Vulnerability", una vulnerabilidad diferente a los CVE-2009-0222, CVE-2009-0223, CVE-2009-0226 y CVE-2009-1137.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-01-20 CVE Reserved
- 2009-05-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=787 | Third Party Advisory | |
| http://osvdb.org/54384 | Vdb Entry | |
| http://www.securityfocus.com/bid/34882 | Vdb Entry | |
| http://www.securitytracker.com/id?1022205 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-132A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6239 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32428 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2009/1290 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Powerpoint Search vendor "Microsoft" for product "Office Powerpoint" | 2000 Search vendor "Microsoft" for product "Office Powerpoint" and version "2000" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Powerpoint Search vendor "Microsoft" for product "Office Powerpoint" | 2002 Search vendor "Microsoft" for product "Office Powerpoint" and version "2002" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Powerpoint Search vendor "Microsoft" for product "Office Powerpoint" | 2003 Search vendor "Microsoft" for product "Office Powerpoint" and version "2003" | sp3 |
Affected
| ||||||