Is CVE-2009-1137 actively exploited?

CVE-2009-1137 has no public evidence of in-the-wild exploitation as of 2026-04-23.

What is the CVSS score for CVE-2009-1137?

CVE-2009-1137 has a CVSS score of 9.3 (UNKNOWN severity). Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C.

How do I patch CVE-2009-1137?

Patch guidance is available from microsoft security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2009-1137.

CVE-2009-1137 - remediation guidance & executive summary

Q: Which products are affected by CVE-2009-1137?

3 products: microsoft office powerpoint, microsoft office powerpoint, microsoft office powerpoint.

Description

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.

CVSS Metrics

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector: network
Access Cmplx: medium
Auth: none
Confidentiality: complete
Integrity: complete
Availability: complete
Weaknesses: CWE-119 · Memory Buffer Errors

Metadata

Primary Vendor: MICROSOFT
Published: 5/12/2009
Last Modified: 4/23/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

microsoft : office_powerpointmicrosoft : office_powerpointmicrosoft : office_powerpoint

Remediation Guidance

Executive Summary

View on NIST NVD