CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.0%
Added: 05/14/2009
CVE: CVE-2009-1137
BID: 34876
OSVDB: 54381
Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.
A buffer overflow vulnerability in the Legacy File Format conversion filter (**PP4X322.dll**
) allows command execution when a user opens a PowerPoint 4.0 file containing a specially crafted Master Page record.
Apply the update referenced in Microsoft Security Bulletin 09-017.
<http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx>
Exploit works on Microsoft PowerPoint 2000 and 2002 and requires a user to open the exploit file in Microsoft PowerPoint.
There may be a delay before the exploit succeeds after the user opens the file.
Windows 2000
Windows XP SP2
Windows XP SP3