CVE-2009-0556

Summary

CVE	CVE-2009-0556
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-04-03 18:30:00 UTC
Updated	2018-10-12 21:50:00 UTC
Description	Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."

Risk And Classification

EPSS: 0.764470000 probability, percentile 0.989290000 (date 2026-04-04)

CISA KEV: Listed on 2026-01-07; due 2026-01-28; ransomware use Unknown

Problem Types: CWE-94

CISA Known Exploited Vulnerability

Vendor	Microsoft
Product	Office
Name	Microsoft Office PowerPoint Code Injection Vulnerability
Required Action	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes	https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0556

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Office Powerpoint	2004	All	All	All
Application	Microsoft	Office Powerpoint	2004	All	All	All
Application	Microsoft	Powerpoint	2000	sp3	All	All
Application	Microsoft	Powerpoint	2002	sp3	All	All
Application	Microsoft	Powerpoint	2003	sp3	All	All
Application	Microsoft	Powerpoint	2000	sp3	All	All
Application	Microsoft	Powerpoint	2002	sp3	All	All
Application	Microsoft	Powerpoint	2003	sp3	All	All

References

Reference	Source	Link	Tags
SecurityTracker.com Archives - Microsoft Office PowerPoint Invalid Object Access Bug Lets Remote Users Execute Arbitrary Code	SECTRACK	www.securitytracker.com
Microsoft Security Bulletin MS09-017 - Critical \| Microsoft Docs	MS	docs.microsoft.com
US-CERT Technical Cyber Security Alert TA09-132A -- Microsoft PowerPoint Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
53182	OSVDB	osvdb.org
Microsoft Malware Protection Center : New 0-day Exploits Using PowerPoint Files	CONFIRM	blogs.technet.com	Vendor Advisory
Microsoft PowerPoint File Parsing 'OutlineTextRefAtom' Remote Code Execution Vulnerability	BID	www.securityfocus.com
Microsoft PowerPoint OutlineTextRefAtom Parsing Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Zero Day Initiative	MISC	www.zerodayinitiative.com
US-CERT Vulnerability Note VU#627331	CERT-VN	www.kb.cert.org	US Government Resource
Your request has been blocked. This could be due to several reasons.	CONFIRM	www.microsoft.com	Patch, Vendor Advisory
The Microsoft Security Response Center (MSRC) : Microsoft Security Advisory 969136	CONFIRM	blogs.technet.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Security Research & Defense : Investigating the new PowerPoint issue	CONFIRM	blogs.technet.com	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Repository / Oval Repository	OVAL	oval.cisecurity.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.