CVE-2009-0227Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office Powerpoint

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
67.8%
top 1.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office Powerpoint
Timeline
PublishedMay 12
Latest updateMay 2

Description

Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office_powerpoint2000, 2002, 2003+2

🔴Vulnerability Details

2
GHSA
GHSA-j9mg-gg38-qqx3: Stack-based buffer overflow in the PowerPoint 42022-05-02
CVEList
CVE-2009-0227: Stack-based buffer overflow in the PowerPoint 42009-05-12

💥Exploits & PoCs

1
Exploit-DB
Real Helix DNA - 'RTSP' / 'SETUP' Request Handler2009-07-17
CVE-2009-0227 — Microsoft vulnerability | cvebase