CVE-2009-1130

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

69.6%

top 1.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office Powerpoint

Timeline

PublishedMay 12

Latest updateMay 2

Description

Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/office_powerpoint2002, 2003+1

▶NVDmicrosoft/office2004

🔴Vulnerability Details

GHSA

GHSA-gq7m-6x7g-3cg4: Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attack↗2022-05-02

▶

CVEList

CVE-2009-1130: Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attack↗2009-05-12

▶