cvelistv5 - CVE-2009-1130

CVE-2009-1130 (GCVE-0-2009-1130)

Vulnerability from cvelistv5 – Published: 2009-05-12 22:00 – Updated: 2024-08-07 05:04

Summary

Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/32428	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/1290	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/503454	mailing-listx_refsource_BUGTRAQ
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.securitytracker.com/id?1022205	vdb-entryx_refsource_SECTRACK
	http://www.zerodayinitiative.com/advisories/ZDI-09-020/	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA09-132A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/34840	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:47.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5961",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
          },
          {
            "name": "32428",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32428"
          },
          {
            "name": "ADV-2009-1290",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1290"
          },
          {
            "name": "20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/503454"
          },
          {
            "name": "MS09-017",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
          },
          {
            "name": "20090512 Microsoft PowerPoint Notes Container Heap Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
          },
          {
            "name": "1022205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
          },
          {
            "name": "TA09-132A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
          },
          {
            "name": "34840",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34840"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5961",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
        },
        {
          "name": "32428",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32428"
        },
        {
          "name": "ADV-2009-1290",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1290"
        },
        {
          "name": "20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/503454"
        },
        {
          "name": "MS09-017",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
        },
        {
          "name": "20090512 Microsoft PowerPoint Notes Container Heap Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
        },
        {
          "name": "1022205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
        },
        {
          "name": "TA09-132A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
        },
        {
          "name": "34840",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34840"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5961",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
            },
            {
              "name": "32428",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32428"
            },
            {
              "name": "ADV-2009-1290",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1290"
            },
            {
              "name": "20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/503454"
            },
            {
              "name": "MS09-017",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
            },
            {
              "name": "20090512 Microsoft PowerPoint Notes Container Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
            },
            {
              "name": "1022205",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022205"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
            },
            {
              "name": "TA09-132A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
            },
            {
              "name": "34840",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34840"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-1130",
    "datePublished": "2009-05-12T22:00:00",
    "dateReserved": "2009-03-25T00:00:00",
    "dateUpdated": "2024-08-07T05:04:47.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\", \"matchCriteriaId\": \"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC12B313-5CBB-4590-A252-C6A406772CAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F57325F6-A2E0-4127-9A2F-DE6929AB29F3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \\\"Heap Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la regi\\u00f3n heap de la memoria en Office PowerPoint 2002 SP3 y 2003 SP3, y PowerPoint en Office 2004 para Mac, de Microsoft, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de una estructura dise\\u00f1ada en un contenedor de Notes en un archivo de PowerPoint que causa que PowerPoint lea m\\u00e1s datos de los que se asignaron al crear un objeto C++, conllevando a una sobrescritura de un puntero de funci\\u00f3n, tambi\\u00e9n se conoce como \\\"Heap Corruption Vulnerability\\\".\"}]",
      "id": "CVE-2009-1130",
      "lastModified": "2024-11-21T01:01:44.530",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-05-12T22:30:00.377",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/32428\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503454\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/34840\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1022205\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-020/\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32428\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503454\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34840\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022205\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-020/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1130\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-05-12T22:30:00.377\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \\\"Heap Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Office PowerPoint 2002 SP3 y 2003 SP3, y PowerPoint en Office 2004 para Mac, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una estructura dise\u00f1ada en un contenedor de Notes en un archivo de PowerPoint que causa que PowerPoint lea m\u00e1s datos de los que se asignaron al crear un objeto C++, conllevando a una sobrescritura de un puntero de funci\u00f3n, tambi\u00e9n se conoce como \\\"Heap Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9409A9BD-1E9B-49B8-884F-8FE569D8AA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC12B313-5CBB-4590-A252-C6A406772CAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F57325F6-A2E0-4127-9A2F-DE6929AB29F3\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/32428\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/503454\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/34840\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1022205\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1290\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-020/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/503454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-132A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-020/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2009-1130

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1130

Aliases

CVE-2009-1130

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1130",
    "description": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\"",
    "id": "GSD-2009-1130"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1130"
      ],
      "details": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\"",
      "id": "GSD-2009-1130",
      "modified": "2023-12-13T01:19:48.316383Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-1130",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:5961",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
          },
          {
            "name": "32428",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32428"
          },
          {
            "name": "ADV-2009-1290",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1290"
          },
          {
            "name": "20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/503454"
          },
          {
            "name": "MS09-017",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
          },
          {
            "name": "20090512 Microsoft PowerPoint Notes Container Heap Corruption Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
          },
          {
            "name": "1022205",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022205"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
          },
          {
            "name": "TA09-132A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
          },
          {
            "name": "34840",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34840"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1130"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32428",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32428"
            },
            {
              "name": "TA09-132A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
            },
            {
              "name": "ADV-2009-1290",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1290"
            },
            {
              "name": "20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/503454"
            },
            {
              "name": "1022205",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022205"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
            },
            {
              "name": "34840",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34840"
            },
            {
              "name": "20090512 Microsoft PowerPoint Notes Container Heap Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
            },
            {
              "name": "oval:org.mitre.oval:def:5961",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
            },
            {
              "name": "MS09-017",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:50Z",
      "publishedDate": "2009-05-12T22:30Z"
    }
  }
}

CERTA-2009-AVI-185

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Office PowerPoint permettant l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Microsoft Office PowerPoint permettent à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'un fichier spécialement conçu.

L'une des vulnérabilités corrigées est exploitée sur l'Internet et a fait l'objet de l'alerte CERTA-2009-ALE-005.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les mises à jour pour Mac et Microsoft Works seront disponnibles prochainement.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 1 ;
Microsoft	N/A	PowerPoint Viewer 2003 ;
Microsoft	Office	Microsoft Office PowerPoint 2002 Service Pack 3 ;
Microsoft	Office	Microsoft Office PowerPoint 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	N/A	Microsoft Works 9.0.
Microsoft	N/A	Microsoft Works 8.5 ;
Microsoft	Office	Microsoft Office PowerPoint 2000 Service Pack 3 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 1 ;
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	Convertisseur de formats de fichier Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-017 du 12 mai 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 9.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 8.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de formats de fichier Open XML pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office PowerPoint permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nau moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n\nL\u0027une des vuln\u00e9rabilit\u00e9s corrig\u00e9es est exploit\u00e9e sur l\u0027Internet et a\nfait l\u0027objet de l\u0027alerte CERTA-2009-ALE-005.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les mises \u00e0 jour pour Mac et\nMicrosoft Works seront disponnibles prochainement.\n",
  "cves": [
    {
      "name": "CVE-2009-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0227"
    },
    {
      "name": "CVE-2009-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0225"
    },
    {
      "name": "CVE-2009-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1128"
    },
    {
      "name": "CVE-2009-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0226"
    },
    {
      "name": "CVE-2009-0220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0220"
    },
    {
      "name": "CVE-2009-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1129"
    },
    {
      "name": "CVE-2009-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1130"
    },
    {
      "name": "CVE-2009-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0224"
    },
    {
      "name": "CVE-2009-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"
    },
    {
      "name": "CVE-2009-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1137"
    },
    {
      "name": "CVE-2009-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0222"
    },
    {
      "name": "CVE-2009-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0221"
    },
    {
      "name": "CVE-2009-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1131"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-017.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-185",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eMicrosoft Office\nPowerPoint\u003c/span\u003e permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft PowerPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-017 du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-185

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Office PowerPoint permettant l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Microsoft Office PowerPoint permettent à une personne malintentionnée d'exécuter du code arbitraire à distance au moyen d'un fichier spécialement conçu.

L'une des vulnérabilités corrigées est exploitée sur l'Internet et a fait l'objet de l'alerte CERTA-2009-ALE-005.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). Les mises à jour pour Mac et Microsoft Works seront disponnibles prochainement.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 2 ;
Microsoft	Office	Microsoft Office PowerPoint 2007 Service Pack 1 ;
Microsoft	N/A	PowerPoint Viewer 2003 ;
Microsoft	Office	Microsoft Office PowerPoint 2002 Service Pack 3 ;
Microsoft	Office	Microsoft Office PowerPoint 2003 Service Pack 3 ;
Microsoft	Office	Microsoft Office 2008 pour Mac ;
Microsoft	N/A	Microsoft Works 9.0.
Microsoft	N/A	Microsoft Works 8.5 ;
Microsoft	Office	Microsoft Office PowerPoint 2000 Service Pack 3 ;
Microsoft	N/A	PowerPoint Viewer 2007 Service Pack 1 ;
Microsoft	Office	Pack de compatibilité Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;
Microsoft	N/A	Convertisseur de formats de fichier Open XML pour Mac ;
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-017 du 12 mai 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other
Bulletin de sécurité Microsoft MS08-017 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2007 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2002 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2003 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2008 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 9.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works 8.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office PowerPoint 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerPoint Viewer 2007 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Pack de compatibilit\u00e9 Office pour les formats de fichier Word, Excel et PowerPoint 2007 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Convertisseur de formats de fichier Open XML pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office PowerPoint permettent\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\nau moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n\nL\u0027une des vuln\u00e9rabilit\u00e9s corrig\u00e9es est exploit\u00e9e sur l\u0027Internet et a\nfait l\u0027objet de l\u0027alerte CERTA-2009-ALE-005.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Les mises \u00e0 jour pour Mac et\nMicrosoft Works seront disponnibles prochainement.\n",
  "cves": [
    {
      "name": "CVE-2009-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0227"
    },
    {
      "name": "CVE-2009-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0225"
    },
    {
      "name": "CVE-2009-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1128"
    },
    {
      "name": "CVE-2009-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0226"
    },
    {
      "name": "CVE-2009-0220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0220"
    },
    {
      "name": "CVE-2009-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1129"
    },
    {
      "name": "CVE-2009-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1130"
    },
    {
      "name": "CVE-2009-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0224"
    },
    {
      "name": "CVE-2009-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0556"
    },
    {
      "name": "CVE-2009-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1137"
    },
    {
      "name": "CVE-2009-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0222"
    },
    {
      "name": "CVE-2009-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0221"
    },
    {
      "name": "CVE-2009-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1131"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-017 du 12 mai 2009 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-017.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-185",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eMicrosoft Office\nPowerPoint\u003c/span\u003e permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft PowerPoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-017 du 12 mai 2009",
      "url": null
    }
  ]
}

GHSA-GQ7M-6X7G-3CG4

Vulnerability from github – Published: 2022-05-02 03:22 – Updated: 2025-04-09 04:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-05-12T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\"",
  "id": "GHSA-gq7m-6x7g-3cg4",
  "modified": "2025-04-09T04:09:43Z",
  "published": "2022-05-02T03:22:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1130"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32428"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/503454"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34840"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022205"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-1130

Vulnerability from fkie_nvd - Published: 2009-05-12 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794
secure@microsoft.com	http://secunia.com/advisories/32428	Vendor Advisory
secure@microsoft.com	http://www.securityfocus.com/archive/1/503454
secure@microsoft.com	http://www.securityfocus.com/bid/34840
secure@microsoft.com	http://www.securitytracker.com/id?1022205
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-132A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1290	Vendor Advisory
secure@microsoft.com	http://www.zerodayinitiative.com/advisories/ZDI-09-020/
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32428	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/503454
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34840
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022205
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-132A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1290	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-09-020/
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961

Impacted products

Vendor	Product	Version
microsoft	office	2004
microsoft	office_powerpoint	2002
microsoft	office_powerpoint	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "FC12B313-5CBB-4590-A252-C6A406772CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "F57325F6-A2E0-4127-9A2F-DE6929AB29F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka \"Heap Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Office PowerPoint 2002 SP3 y 2003 SP3, y PowerPoint en Office 2004 para Mac, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una estructura dise\u00f1ada en un contenedor de Notes en un archivo de PowerPoint que causa que PowerPoint lea m\u00e1s datos de los que se asignaron al crear un objeto C++, conllevando a una sobrescritura de un puntero de funci\u00f3n, tambi\u00e9n se conoce como \"Heap Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2009-1130",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-12T22:30:00.377",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32428"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/503454"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/34840"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022205"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/503454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-020/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5961"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1130 (GCVE-0-2009-1130)

GSD-2009-1130

CERTA-2009-AVI-185

Description

Solution

CERTA-2009-AVI-185

Description

Solution

GHSA-GQ7M-6X7G-3CG4

FKIE_CVE-2009-1130

Tags

Sightings

Nomenclature