Print - 【Vulnerability Alert】CISA Adds Two Known Exploited Vulnerabilities to the KEV Catalog (2026/01/05

【Vulnerability Alert】CISA Adds Two Known Exploited Vulnerabilities to the KEV Catalog (2026/01/05–2026/01/11)

publish date : 2026-01-23 update date : 2026-01-23

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026011302011616	Publication Time	2026/01/13 14:38
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/01/13 14:38
Impact Level	Low
[Subject] 【Vulnerability Alert】CISA Adds Two Known Exploited Vulnerabilities to the KEV Catalog (2026/01/05–2026/01/11)
[Content] Forwarded from TWCERTCC-200-202601-00000006 【CVE-2009-0556】Microsoft Office PowerPoint Code Injection Vulnerability (CVSS v3.1: 8.8) 【Whether Ransomware Exploitation Occurred: Unknown】 A code injection vulnerability exists in Microsoft Office PowerPoint. Remote attackers can trigger memory corruption by using a PowerPoint file containing an OutlineTextRefAtom with invalid index values, thereby executing arbitrary code. 【CVE-2025-37164】Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability (CVSS v3.1: 10.0) 【Whether Ransomware Exploitation Occurred: Unknown】 A code injection vulnerability exists in Hewlett Packard Enterprise (HPE) OneView, allowing unauthenticated remote users to perform remote code execution." (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] 【CVE-2009-0556】Please refer to the affected versions listed by the official source: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 【CVE-2025-37164】Please refer to the affected versions listed by the official source: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free
[Recommended Actions] 【CVE-2009-0556】The vendor has released a patch for this vulnerability. Please update to the relevant versions: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 【CVE-2025-37164】The vendor has released a patch for this vulnerability. Please update to the relevant versions: https://myenterpriselicense.hpe.com/cwp-ui/product-details/HPE_OV_CVE_37164_Z7550-98077/-/sw_free
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center