CVE-2009-0556
high-risk
Published 2009-04-03
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
Do I need to act?
!
76.4% chance of exploitation in next 30 days
EPSS score — higher than 24% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (37)
Vendor Advisory
http://secunia.com/advisories/34572
US Government Resource
http://www.kb.cert.org/vuls/id/627331
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-132A.html
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0915
and 17 more references
67
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
27/34 · High
Exposure
10/34 · Low