CVE-2009-0556

Published Apr 3, 2009

Last updated 2 months ago

Overview

Description
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
Source: secure@microsoft.com
NVD status: Deferred
Products: office_powerpoint, powerpoint

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-94

Social media

  1. “🚨 CISA KEV Update (Jan 7, 2026): Two actively exploited vulns now federally prioritized! •  CVE-2025-37164 (HPE OneView): Unauth code injection → RCE. Patch by Jan 28! •  CVE-2009-0556 (Old MS Office PowerPoint): Arbitrary code exec via malformed files. Still biti

    @CyberAlliance26

    12 Jan 2026

  2. 🚨 CISA KEV Alert: Exploited HPE OneView RCE + Legacy PowerPoint RCE Resurface CISA added HPE OneView’s unauthenticated RCE (CVE-2025-37164, CVSS 10) and a legacy PowerPoint code-exec bug (CVE-2009-0556) to KEV, with a federal remediation deadline of Jan 28, 2026. OneView has

    @ThreatSynop

    8 Jan 2026

  3. 🚨 CISA adds two vulnerabilities to the KEV Catalog https://t.co/9idGUAHIKd CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability CVSS: 9.3 CVE-2025-37164: Hewlett Packard Enterprise OneView Code Injection Vulnerability CVSS: 10

    @DarkWebInformer

    8 Jan 2026

  4. 🚨 CISA Adds HPE OneView (CVE-2025-37164) and PowerPoint (CVE-2009-0556) to KEV Amid Active Exploitation CISA added HPE OneView’s max-severity unauthenticated code-injection/RCE flaw (CVE-2025-37164) and a legacy Microsoft PowerPoint code-injection issue (CVE-2009-0556) to th

    @ThreatSynop

    8 Jan 2026

  5. 🚨 CISA Adds Microsoft Office PowerPoint and HPE OneView RCE Bugs to KEV After Active Exploitation Signals CISA added CVE-2009-0556 (Microsoft Office PowerPoint memory-corruption/code-injection) and CVE-2025-37164 (unauthenticated RCE in HPE OneView) to the Known Exploited

    @ThreatSynop

    8 Jan 2026

  6. 🛡️ We added Microsoft Office PowerPoint (CVE-2009-0556) & HPE OneView (CVE-2025-37164) code injection vulnerabilities to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecuri

    @CISACyber

    7 Jan 2026

References

Sources include official advisories and independent security research.