Intrusion PreventionMS.PowerPoint.Converter.Remote.Code.Execution
Description
This indicates an attack attempt against a buffer-overflow vulnerability in the PowerPoint4.0 converter which ships with PowerPoint 2000 through PowerPoint 2003.
The vulnerability is caused by a boundary error when the vulnerable software handles a specially crafted PowerPoint file. It may allow a remote attacker to execute arbitrary code.
Affected Products
Microsoft PowerPoint 2003 SP3
Microsoft PowerPoint 2003 SP2
Microsoft PowerPoint 2003 SP1
Microsoft PowerPoint 2003
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2002 SP2
Microsoft PowerPoint 2002 SP1
Microsoft PowerPoint 2002
Microsoft PowerPoint 2000 SP3
Microsoft PowerPoint 2000 SP2
Microsoft PowerPoint 2000 SP1
Microsoft PowerPoint 2000
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-03-15 | 23.512 | Sig Added |
| 2022-02-01 | 19.251 | Sig Added |
| 2022-01-17 | 19.242 | Sig Added |
| ID | 17431 |
| Created | Jun 23, 2009 |
| Updated | Sep 04, 2023 |
| Risk |
|
| CVE ID | CVE-2009-1137 |
| Exploit Prediction Score | 93.33% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Office |