Microsoft PowerPoint: Arbitrary Code Execution Vulnerability

Users of Microsoft PowerPoint please be advised of an Arbitrary Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

PowerPoint-SA-11/09/2010: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability
Affected Software

* Microsoft PowerPoint 2002 SP3

NOTE: Other versions may also be affected.

Description of Vulnerability

Secunia Research has discovered a vulnerability in Microsoft Office
PowerPoint, which can be exploited by malicious people to compromise
a user’s system.

The vulnerability is caused by a logic error in PP7X32.DLL when
processing certain records in PowerPoint 95 files and can be
exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.Read more at http://www.criticalwatch.com

 

Advertisements