#VU1178 Memory corruption


Published: 2016-11-15 | Updated: 2016-12-05

Vulnerability identifier: #VU1178

Vulnerability risk: Critical

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2006-3590

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Microsoft PowerPoint for Mac
Client/Desktop applications / Office applications
Microsoft Office
Client/Desktop applications / Office applications
Microsoft Office for Mac
Client/Desktop applications / Office applications

Vendor:
Microsoft

Description
The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to memory corruption in mso.dll. By persuading the victim to open a specially crafted PPT file, containing a malformed shape container, a remote attacker can execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in complete compromise of vulnerable system.

Note: this vulnerability was being actively exploited.

Mitigation
Microsoft PowerPoint 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B7B5615B-7C20-4C49-892F-7F4CCC2D6006
Microsoft PowerPoint 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA
Microsoft PowerPoint 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081
PowerPoint 2004 for Mac - https://www.microsoft.com/mac
PowerPoint v. X for Mac - https://www.microsoft.com/mac

Vulnerable software versions

:

Microsoft PowerPoint for Mac: 2004 - v.X

Microsoft Office:

Microsoft Office for Mac: 2004

External links
http://technet.microsoft.com/library/security/922970
http://technet.microsoft.com/en-us/library/security/ms06-048.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


Remote code execution in Microsoft PowerPoint