Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0220

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0220
Last Modified 21 Aug 2010 12:00:00
Published 12 May 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0220

Summary

Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office Powerpoint 2000

  • Microsoft Office Powerpoint 2002

  • Microsoft Office Powerpoint 2003


References

CERT - TA09-132A

MS - MS09-017

VUPEN - ADV-2009-1290

SECTRACK - 1022205

BID - 34833

SECUNIA - 32428

OSVDB - 54386

IDEFENSE - 20090512 Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities

Related Patches

MS09-017 967340 957790 (English/MUI) Security Update for Microsoft PowerPoint 2000


Last Updated: 27 May 2016 10:50:10