CVE-2009-0227

2009-05-1222:30:00

CWE-119

microsoft

web.nvd.nist.gov

cve-2009-0227

buffer overflow

powerpoint

conversion filter

microsoft office

remote code execution

memory corruption

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.932

Percentile

99.1%

JSON

Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka “Legacy File Format Vulnerability,” a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.

Affected configurations

Nvd

Node

microsoftoffice_powerpointMatch2000sp3

microsoftoffice_powerpointMatch2002sp3

microsoftoffice_powerpointMatch2003sp3

VendorProductVersionCPE
microsoftoffice_powerpoint2000cpe:2.3:a:microsoft:office_powerpoint:2000:sp3:*:*:*:*:*:*
microsoftoffice_powerpoint2002cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*
microsoftoffice_powerpoint2003cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_powerpoint	2000	cpe:2.3:a:microsoft:office_powerpoint:2000:sp3::::::
microsoft	office_powerpoint	2002	cpe:2.3:a:microsoft:office_powerpoint:2002:sp3::::::
microsoft	office_powerpoint	2003	cpe:2.3:a:microsoft:office_powerpoint:2003:sp3::::::