PRIOn knowledge basePRION:CVE-2009-0220

HistoryMay 12, 2009 - 10:30 p.m.

Stack overflow

2009-05-1222:30:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

98.9%

JSON

Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka “Legacy File Format Vulnerability.”

CPENameOperatorVersion
office_powerpointeq2003 sp3
office_powerpointeq2002 sp3
office_powerpointeq2000 sp3

Name	Operator	Version
office_powerpoint	eq	2003 sp3
office_powerpoint	eq	2002 sp3
office_powerpoint	eq	2000 sp3

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=790

osvdb.org/54386

secunia.com/advisories/32428

www.securityfocus.com/bid/34833

www.securitytracker.com/id?1022205

www.us-cert.gov/cas/techalerts/TA09-132A.html

www.vupen.com/english/advisories/2009/1290

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5610

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

98.9%

JSON

Related for PRION:CVE-2009-0220