[Security Vulnerability Alert] CISA adds two known vulnerabilities exploited by hackers to the KEV directory (2026/01/05-2026/01/11)

 
2026/1/14 ~ 2026/7/14
View Count:21

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000006

[Content Description]
【CVE-2009-0556】Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)
【Exploitation by Ransomware: Unknown】 Microsoft Office PowerPoint contains a code injection vulnerability. A remote attacker could trigger memory corruption in a PowerPoint file containing an invalid index value (OutlineTextRefAtom), thereby executing arbitrary code.

【CVE-2025-37164】Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)
【Exploited by Ransomware: Unknown】 A code injection vulnerability exists in Hewlett Packard Enterprise (HPE) OneView, allowing unauthenticated remote users to execute remote code.

[Affected Platforms]
【CVE-2009-0556】Please refer to the official list of affected versions: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】Please refer to the official list of affected versions: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

[Recommended Actions]
【CVE-2009-0556】An official patch update has been released for this vulnerability. Please update to the relevant version: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017

【CVE-2025-37164】 An official patch has been released to fix the vulnerability. Please update to the relevant version: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

Files
None
【Back】
Top↑