CVE-2009-0556
Code Injection — is CVE-2009-0556real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2009-0556)<a href="https://www.truepositive.app/cve/CVE-2009-0556"><img src="https://www.truepositive.app/cve/CVE-2009-0556/badge.svg" alt="TruePositive verdict for CVE-2009-0556"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
2 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
to add your verdict.
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Confirmed exploited in the wild — listed in the CISA KEV catalog (added 2026-01-07). Treat as real and prioritize patching over triage.
Related CVEs
Same weakness — CWE-94 · Code Injection.
- CVE-2015-1635CVSS 9.8KEVEPSS 100%
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
- CVE-2017-9841CVSS 9.8KEVEPSS 100%
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
- CVE-2022-22954CVSS 9.8KEVEPSS 100%
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
- CVE-2012-0158CVSS 8.8KEVEPSS 100%
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
- CVE-2021-22204CVSS 6.8KEVEPSS 100%
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
- CVE-2022-22963CVSS 9.8KEVEPSS 100%
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.