Multiple vulnerabilities in Microsoft PowerPoint



Published: 2009-05-12 | Updated: 2016-12-20
Risk: Critical
Patch available: YES
Number of vulnerabilities: 14
CVE-ID: CVE-2009-1137, CVE-2009-1131, CVE-2009-1130, CVE-2009-1129, CVE-2009-1128, CVE-2009-0556, CVE-2009-0227, CVE-2009-0226, CVE-2009-0225, CVE-2009-0224, CVE-2009-0223, CVE-2009-0222, CVE-2009-0221, CVE-2009-0220
CWE-ID: CWE-119, CWE-121, CWE-122, CWE-129
Exploitation vector: Network
Public exploit: Vulnerability #6 is being exploited in the wild.
Vulnerable software
Microsoft PowerPoint
Client/Desktop applications / Office applications

Microsoft Office
Client/Desktop applications / Office applications

Microsoft Office for Mac
Client/Desktop applications / Office applications

PowerPoint Viewer
Client/Desktop applications / Office applications

Microsoft Works
Client/Desktop applications / Office applications

Vendor: Microsoft

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU1417

Risk: High

CVE-ID: CVE-2009-1137

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

2) Stack-based buffer overflow

EUVDB-ID: #VU1416

Risk: High

CVE-ID: CVE-2009-1131

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000

Microsoft Office: 2000


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

3) Heap-based buffer overflow

EUVDB-ID: #VU1415

Risk: High

CVE-ID: CVE-2009-1130

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing a malformed structure value, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568

Vulnerable software versions

Microsoft PowerPoint: 2002 - 2003

Microsoft Office for Mac: 2004

Microsoft Office: 2003 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

4) Stack-based buffer overflow

EUVDB-ID: #VU1414

Risk: High

CVE-ID: CVE-2009-1129

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data with an inconsistent record length, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

5) Memory corruption

EUVDB-ID: #VU1413

Risk: High

CVE-ID: CVE-2009-1128

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

6) Memory corruption

EUVDB-ID: #VU1412

Risk: Critical

CVE-ID: CVE-2009-0556

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office for Mac: 2004

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

7) Stack-based buffer overflow

EUVDB-ID: #VU1411

Risk: High

CVE-ID: CVE-2009-0227

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

8) Stack-based buffer overflow

EUVDB-ID: #VU1410

Risk: High

CVE-ID: CVE-2009-0226

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

9) Memory corruption

EUVDB-ID: #VU1409

Risk: High

CVE-ID: CVE-2009-0225

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an array indexing error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2002

Microsoft Office: XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

10) Memory corruption

EUVDB-ID: #VU1408

Risk: High

CVE-ID: CVE-2009-0224

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing an invalid record type, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2007 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=11f8380f-ffb6-4c22-a89c-3dc55d0f9834
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=11f8380f-ffb6-4c22-a89c-3dc55d0f9834
Microsoft Office 2004 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550
http://go.microsoft.com/fwlink/?LinkID=143568
Microsoft Office 2008 for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=58326da2-eb75-4b42-b1bc-e70319defb58
http://go.microsoft.com/fwlink/?LinkID=143568
Open XML File Format Converter for Mac:
https://www.microsoft.com/downloads/details.aspx?FamilyID=9d6d9eaa-8442-4184-8886-faab2803bde6
http://go.microsoft.com/fwlink/?LinkId=131481
PowerPoint Viewer 2003:
https://www.microsoft.com/downloads/details.aspx?familyid=6a57e6ed-bd24-406f-87bb-117391e083e0
http://go.microsoft.com/fwlink/?LinkId=125468
PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=141b8338-5c52-4326-a9e4-d2f2d8940d9c
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e1d3a4c3-538a-4f98-8d60-250803a80e2a
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=628280fe-e035-4274-85f2-393d9bad543c
http://go.microsoft.com/fwlink/?LinkId=126306
Microsoft Works 9:
https://www.microsoft.com/downloads/details.aspx?familyid=f6fa110e-45c6-450f-ae47-c89a06e3f762

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2007

Microsoft Office for Mac: 2004 - 2008

PowerPoint Viewer: 2003 - 2007

Microsoft Office: 2000 - XP

Microsoft Works: 8.5 - 9.0


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

11) Memory corruption

EUVDB-ID: #VU1407

Risk: High

CVE-ID: CVE-2009-0223

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

12) Memory corruption

EUVDB-ID: #VU1406

Risk: High

CVE-ID: CVE-2009-0222

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing sound data, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

13) Integer Overflow or Wraparound

EUVDB-ID: #VU1405

Risk: High

CVE-ID: CVE-2009-0221

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file containing an invalid record type, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2002 - 2003

Microsoft Office: 2003 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx

14) Stack-based buffer overflow

EUVDB-ID: #VU1404

Risk: High

CVE-ID: CVE-2009-0220

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when handling malformed PowerPoint files. A remote attacker can create a specially crafted PowerPoint file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website:

Microsoft Office PowerPoint 2000 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2002 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49
http://go.microsoft.com/fwlink/?LinkId=120394
Microsoft Office PowerPoint 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106
http://go.microsoft.com/fwlink/?LinkId=120394

Vulnerable software versions

Microsoft PowerPoint: 2000 - 2003

Microsoft Office: 2000 - XP


External links

http://technet.microsoft.com/en-us/library/security/ms09-017.aspx
