CVE-2009-0225
Published 2009-05-12
Priority: P3 · 52 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 31.07% (98.0th percentile)
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office_powerpoint | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 CRITICAL
GHSA
GHSA-9g94-hxf9-jhqx
ghsa_unreviewed·2022-05-02
CVE-2009-0225 [HIGH] CWE-94 GHSA-9g94-hxf9-jhqx
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
Red Hat
kernel: use flag in do_coredump()
vendor_redhat·2009-11-12·CVSS 7.5
CVE-2006-6304 [HIGH] kernel: use flag in do_coredump()
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHSA-2009:0225. It was later reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0046.
Red Hat
kernel: uvcvideo: Fix a buffer overflow in format descriptor parsing
vendor_redhat·2008-07-31·CVSS 10.0
CVE-2008-3496 [CRITICAL] kernel: uvcvideo: Fix a buffer overflow in format descriptor parsing
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
Statement: Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
The uvcvideo driver was first added in kernel packages update RHSA-2009:0225 in Red Hat Enterprise Linux 5.3, and it already contained a fix for this flaw.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://osvdb.org/54388
http://secunia.com/advisories/32428
http://www.securityfocus.com/bid/34880
http://www.securitytracker.com/id?1022205
http://www.us-cert.gov/cas/techalerts/TA09-132A.html
http://www.vupen.com/english/advisories/2009/1290
http://www.vupen.com/exploits/Microsoft_PowerPoint_Array_Indexing_Code_Execution_Exploit_MS09_017_1290125.php
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5526
Published: 2009-05-12