Microsoft PowerPoint Legacy File Format Master Page buffer overflow

Added: 05/14/2009
CVE: CVE-2009-1137
BID: 34876
OSVDB: 54381


Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.


A buffer overflow vulnerability in the Legacy File Format conversion filter (PP4X322.dll) allows command execution when a user opens a PowerPoint 4.0 file containing a specially crafted Master Page record.


Apply the update referenced in Microsoft Security Bulletin 09-017.



Exploit works on Microsoft PowerPoint 2000 and 2002 and requires a user to open the exploit file in Microsoft PowerPoint.

There may be a delay before the exploit succeeds after the user opens the file.


Windows 2000
Windows XP SP2
Windows XP SP3

Back to exploit index