Description
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
CISA Known Exploited Vulnerability
Date added 2026-01-07 | Due date 2026-01-28
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
References
www.zerodayinitiative.com/advisories/ZDI-09-019
blogs.technet.com/...ay-exploits-using-powerpoint-files.aspx
www.vupen.com/english/advisories/2009/1290 (ADV-2009-1290)
osvdb.org/53182 (53182)
docs.microsoft.com/...pdates/securitybulletins/2009/ms09-017 (MS09-017)
exchange.xforce.ibmcloud.com/vulnerabilities/49632 (powerpoint-unspecified-code-execution(49632))
www.securityfocus.com/bid/34351 (34351)
www.vupen.com/english/advisories/2009/0915 (ADV-2009-0915)
blogs.technet.com/...microsoft-security-advisory-969136.aspx
blogs.technet.com/...stigating-the-new-powerpoint-issue.aspx
oval.cisecurity.org/...finition/oval:org.mitre.oval:def:6279 (oval:org.mitre.oval:def:6279)
secunia.com/advisories/34572 (34572)
www.securitytracker.com/id?1021967 (1021967)
www.us-cert.gov/cas/techalerts/TA09-132A.html (TA09-132A)
www.microsoft.com/technet/security/advisory/969136.mspx
www.kb.cert.org/vuls/id/627331 (VU#627331)
www.securityfocus.com/archive/1/503453/100/0/threaded (20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability)
oval.cisecurity.org/...finition/oval:org.mitre.oval:def:6204 (oval:org.mitre.oval:def:6204)
www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2009-0556
www.zerodayinitiative.com/advisories/ZDI-09-019
blogs.technet.com/...ay-exploits-using-powerpoint-files.aspx
www.vupen.com/english/advisories/2009/1290 (ADV-2009-1290)
osvdb.org/53182 (53182)
docs.microsoft.com/...pdates/securitybulletins/2009/ms09-017 (MS09-017)
exchange.xforce.ibmcloud.com/vulnerabilities/49632 (powerpoint-unspecified-code-execution(49632))
www.securityfocus.com/bid/34351 (34351)
www.vupen.com/english/advisories/2009/0915 (ADV-2009-0915)
blogs.technet.com/...microsoft-security-advisory-969136.aspx
blogs.technet.com/...stigating-the-new-powerpoint-issue.aspx
oval.cisecurity.org/...finition/oval:org.mitre.oval:def:6279 (oval:org.mitre.oval:def:6279)
secunia.com/advisories/34572 (34572)
www.securitytracker.com/id?1021967 (1021967)
www.us-cert.gov/cas/techalerts/TA09-132A.html (TA09-132A)
www.microsoft.com/technet/security/advisory/969136.mspx
www.kb.cert.org/vuls/id/627331 (VU#627331)
www.securityfocus.com/archive/1/503453/100/0/threaded (20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability)
oval.cisecurity.org/...finition/oval:org.mitre.oval:def:6204 (oval:org.mitre.oval:def:6204)
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.