CVE-2009-1129Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office Powerpoint

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
67.8%
top 1.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Office Powerpoint
Timeline
PublishedMay 12
Latest updateMay 2

Description

Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/office_powerpoint2000, 2002, 2003+2

🔴Vulnerability Details

2
GHSA
GHSA-rrpm-xwg2-r59h: Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X322022-05-02
CVEList
CVE-2009-1129: Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X322009-05-12
CVE-2009-1129 — Microsoft vulnerability | cvebase