- CVE-2009-0556 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
(password protected archive, you need to contact me for the password)
Details: Cooperative Threat Reduction briefing.PPT - b622b9e294647277dc40205dcf27e086 and CTR_talk.PPT - 0e1fc785eff45ff0b140dbf61abf3eab
Sent: Thursday, April 02, 2009 3:59 AM
Subject: Cooperative Threat Reduction
I've attached the CTR concept paper. Feel free to circulate it. We very much look forward to the comments of you and your colleagues.
[name and contact info removed]
Message received on April 2, 2009
Cooperative Threat Reduction briefing.PPT - b622b9e294647277dc40205dcf27e086Virustotal scan on April 2, 2009
File Cooperative_Threat_Reduction_brie received on 2009.04.02 22:22:40 (UTC)
Current status: finished
Result: 2/40 (5.00%)
Antivirus Version Last Update Result
McAfee-GW-Edition 6.7.6 2009.04.01 OLE2.LooksLike.Suspicious.gen
Norman 6.00.06 2009.04.02 ShellCode.A
File size: 838144 bytes