Exploitation Summary
CVE-2009-0556 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 7, 2026.
Description
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
References (19)
Core 19
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49632
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-0556
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-09-019
Vendor Advisory x_refsource_confirm
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1290
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/53182
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34351
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0915
Vendor Advisory x_refsource_confirm
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx
Vendor Advisory x_refsource_confirm
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34572
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021967
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-132A.html
Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/969136.mspx
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/627331
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503453/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204
Scores
CVSS v3
8.8
EPSS
0.5905
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2026-01-07
VulnCheck KEV
2009-04-03
InTheWild.io
2018-10-12
ENISA EUVD
EUVD-2009-0560
CWE
CWE-94
Status
published
Products (4)
microsoft/office_powerpoint
2004
microsoft/powerpoint
2000 sp3
microsoft/powerpoint
2002 sp3
microsoft/powerpoint
2003 sp3
Published
Apr 03, 2009
KEV Added
Jan 07, 2026
Tracked Since
Feb 18, 2026