CVE-2009-1137

2009-05-1222:30:00

CWE-119

microsoft

web.nvd.nist.gov

cve-2009-1137

microsoft office

powerpoint

legacy file format

vulnerability

memory corruption

remote execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.932

Percentile

99.1%

JSON

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka “Legacy File Format Vulnerability,” a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.

Affected configurations

Nvd

Node

microsoftoffice_powerpointMatch2000sp3

microsoftoffice_powerpointMatch2002sp3

microsoftoffice_powerpointMatch2003sp3

VendorProductVersionCPE
microsoftoffice_powerpoint2000cpe:2.3:a:microsoft:office_powerpoint:2000:sp3:*:*:*:*:*:*
microsoftoffice_powerpoint2002cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*
microsoftoffice_powerpoint2003cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_powerpoint	2000	cpe:2.3:a:microsoft:office_powerpoint:2000:sp3::::::
microsoft	office_powerpoint	2002	cpe:2.3:a:microsoft:office_powerpoint:2002:sp3::::::
microsoft	office_powerpoint	2003	cpe:2.3:a:microsoft:office_powerpoint:2003:sp3::::::