Vulnerability Details CVE-2009-1129
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.693
EPSS Ranking 98.6%
CVSS Severity
CVSS v2 Score 9.3
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=791
- http://osvdb.org/54387
- http://secunia.com/advisories/32428
- http://www.securityfocus.com/bid/34839
- http://www.securitytracker.com/id?1022205
- http://www.us-cert.gov/cas/techalerts/TA09-132A.html
- http://www.vupen.com/english/advisories/2009/1290
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6176
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=791
- http://osvdb.org/54387
- http://secunia.com/advisories/32428
- http://www.securityfocus.com/bid/34839
- http://www.securitytracker.com/id?1022205
- http://www.us-cert.gov/cas/techalerts/TA09-132A.html
- http://www.vupen.com/english/advisories/2009/1290
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6176
Products affected by CVE-2009-1129
-
cpe:2.3:a:microsoft:office_powerpoint:2000
-
cpe:2.3:a:microsoft:office_powerpoint:2002
-
cpe:2.3:a:microsoft:office_powerpoint:2003