[VULNERABILITY ALERT] CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/05-2026/01/11)

• Subject: [VULNERABILITY ALERT] CISA Adds 2 Known Exploited Vulnerabilities to KEV Catalog (2026/01/05-2026/01/11)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000006
  • [CVE-2009-0556] Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8)
  • [Known to be exploited by ransomware: Unknown] Microsoft Office PowerPoint contains a code injection vulnerability. A remote attacker can trigger memory corruption via a PowerPoint file containing an OutlineTextRefAtom with an invalid index value, thereby executing arbitrary code.
  • [CVE-2025-37164] Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0)
  • [Known to be exploited by ransomware: Unknown] Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability, allowing unauthenticated remote users to perform remote code execution.
• Affected Platforms:
  • [CVE-2009-0556] Please refer to the affected versions listed by the official source: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
  • [CVE-2025-37164] Please refer to the affected versions listed by the official source: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free
• Recommended Actions:
  • [CVE-2009-0556] The vendor has released security updates for this vulnerability; please update to the relevant versions: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017
  • [CVE-2025-37164] The vendor has released security updates for this vulnerability; please update to the relevant versions: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free

Computer and Communication Center
Network Systems Division, Respectfully