CVE-2009-0224 (CNNVD-200905-153)
中文标题:
Microsoft PowerPoint BuildList记录内存破坏漏洞
英文标题:
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 20...
漏洞描述
中文描述:
Microsoft PowerPoint是美国微软(Microsoft)公司的Office套件中的一个文档演示工具。 PowerPoint在解析BuildList记录时存在内存破坏漏洞。BuildList记录是用于描述PowerPoint文件中表格和图标的其他记录的容器。如果所注入的多个BuildList记录中包含有ChartBuild容器的话,在解析ChartBuild容器的内容时就会触发内存破坏,允许攻击者控制对象指针并引用受控的函数。
英文描述:
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability."
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| microsoft | compatibility_pack_word_excel_powerpoint | 2007 | - | - |
cpe:2.3:a:microsoft:compatibility_pack_word_excel_powerpoint:2007:*:*:*:*:*:*:*
|
| microsoft | office_compatibility_pack_for_word_excel_ppt_2007 | * | - | - |
cpe:2.3:a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:*:*:*:*:*:*:*:*
|
| microsoft | office_powerpoint | 2000 | - | - |
cpe:2.3:a:microsoft:office_powerpoint:2000:sp3:*:*:*:*:*:*
|
| microsoft | office_powerpoint | 2002 | - | - |
cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*
|
| microsoft | office_powerpoint | 2003 | - | - |
cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*
|
| microsoft | office_powerpoint | 2007 | - | - |
cpe:2.3:a:microsoft:office_powerpoint:2007:sp1:*:*:*:*:*:*
|
| microsoft | office_powerpoint_viewer | 2003 | - | - |
cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*
|
| microsoft | office_powerpoint_viewer | 2007 | - | - |
cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*
|
| microsoft | open_xml_file_format_converter | * | - | - |
cpe:2.3:a:microsoft:open_xml_file_format_converter:*:*:mac:*:*:*:*:*
|
| microsoft | powerpoint | 2004 | - | - |
cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*
|
| microsoft | powerpoint | 2008 | - | - |
cpe:2.3:a:microsoft:powerpoint:2008:*:mac:*:*:*:*:*
|
| microsoft | works | 8.5 | - | - |
cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*
|
| microsoft | works | 9.0 | - | - |
cpe:2.3:a:microsoft:works:9.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
AV:N/AC:M/Au:N/C:C/I:C/A:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2009-0224 |
2025-11-11 15:18:08 | 2025-11-11 07:32:59 |
| NVD | nvd_CVE-2009-0224 |
2025-11-11 14:52:59 | 2025-11-11 07:41:46 |
| CNNVD | cnnvd_CNNVD-200905-153 |
2025-11-11 15:09:05 | 2025-11-11 07:49:35 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 代码注入
- cnnvd_id: 未提取 -> CNNVD-200905-153
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.3
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 13
- data_sources: ['cve'] -> ['cve', 'nvd']