Memory Corruption Vulnerability in Microsoft Office Products
CVE-2009-0224

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Powerpoint; Office Powerpoint; Office Compatibility Pack For Word Excel Ppt 2007
Vendor: CVE Published:; 12 May 2009

Summary

This vulnerability exists within various versions of Microsoft Office PowerPoint and related products, where improper validation of PowerPoint files can lead to memory corruption. Attackers can exploit this issue by crafting specific BuildList records containing ChartBuild containers, which, upon opening in affected versions, may trigger arbitrary code execution. This exposes users to serious security risks, warranting immediate attention and patching.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/32428

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2009/1290

vdb-entryx_refsource_VUPEN

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 12, 2009
Vulnerability Reserved
Jan 20, 2009