CVE-2009-0220Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office Powerpoint

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
70.6%
top 1.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office Powerpoint
Timeline
PublishedMay 12
Latest updateMay 2

Description

Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office_powerpoint2000, 2002, 2003+2

🔴Vulnerability Details

2
GHSA
GHSA-w8rj-jwp5-rg54: Multiple stack-based buffer overflows in the PowerPoint 42022-05-02
CVEList
CVE-2009-0220: Multiple stack-based buffer overflows in the PowerPoint 42009-05-12
CVE-2009-0220 — Microsoft vulnerability | cvebase