CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.1%
Added: 06/26/2009
CVE: CVE-2009-0226
BID: 34881
OSVDB: 54385
Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.
A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a PowerPoint 4.0 stream containing a specially crafted Format Scheme record.
Apply the update referenced in Microsoft Security Bulletin 09-017.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=789>
Exploit works on PowerPoint 2002 SP3 with the patch KB948995 and requires a user to open the exploit file.
Windows