Vulnerability identifier: #VU1178
Vulnerability risk: Critical
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Microsoft PowerPoint for Mac
Client/Desktop applications /
Office applications
Microsoft Office
Client/Desktop applications /
Office applications
Microsoft Office for Mac
Client/Desktop applications /
Office applications
Vendor:
Microsoft
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to memory corruption in mso.dll. By persuading the victim to open a specially crafted PPT file, containing a malformed shape container, a remote attacker can execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in complete compromise of vulnerable system.
Note: this vulnerability was being actively exploited.
Mitigation
Microsoft PowerPoint 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B7B5615B-7C20-4C49-892F-7F4CCC2D6006
Microsoft PowerPoint 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA
Microsoft PowerPoint 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081
PowerPoint 2004 for Mac - https://www.microsoft.com/mac
PowerPoint v. X for Mac - https://www.microsoft.com/mac
Vulnerable software versions
:
Microsoft PowerPoint for Mac: 2004 - v.X
Microsoft Office:
Microsoft Office for Mac: 2004
External links
http://technet.microsoft.com/library/security/922970
http://technet.microsoft.com/en-us/library/security/ms06-048.aspx
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.