Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=739
Vulnerable Systems:
* pptview.exe file version 11.0.5703.0 (as included in Microsoft Office 2003 SP2)
* pptview.exe file version 11.0.6566.0 (as included in Microsoft Office 2003 SP2)
Immune Systems:
* pptview.exe file version 11.0.8164.0 (as included in Microsoft Office 2003 SP3)
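A way to check a copy of pptview.exe against the versions listed above, as an added example that is not part of the original advisory. It reads the file version from the VS_FIXEDFILEINFO structure in the binary's version resource; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Versions copied from the advisory's "Vulnerable Systems" / "Immune Systems" lists.
VULNERABLE = {(11, 0, 5703, 0), (11, 0, 6566, 0)}
IMMUNE = {(11, 0, 8164, 0)}

# VS_FIXEDFILEINFO.dwSignature (0xFEEF04BD), stored little-endian in the file.
FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)


def file_version(data: bytes):
    """Return (major, minor, build, revision) from VS_FIXEDFILEINFO, or None."""
    pos = data.find(FIXEDFILEINFO_SIG)
    while pos != -1:
        # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
        if pos + 16 <= len(data):
            struc_ver, ms, ls = struct.unpack_from("<III", data, pos + 4)
            if struc_ver == 0x00010000:  # usual value; rejects chance matches
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(FIXEDFILEINFO_SIG, pos + 1)
    return None


def classify(data: bytes) -> str:
    """Map a binary's file version onto the advisory's two lists."""
    version = file_version(data)
    if version is None:
        return "no version resource found"
    if version in VULNERABLE:
        return "vulnerable"
    if version in IMMUNE:
        return "immune"
    return "unlisted"  # the advisory makes no statement about this version


def constructed_sample(version):
    """Constructed input: padding followed by a minimal VS_FIXEDFILEINFO header."""
    major, minor, build, rev = version
    return b"MZ" + b"\x00" * 62 + FIXEDFILEINFO_SIG + struct.pack(
        "<III", 0x00010000, (major << 16) | minor, (build << 16) | rev)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(classify(fh.read()))
    else:
        print(classify(constructed_sample((11, 0, 5703, 0))))
```

Run it with the path to pptview.exe as the only argument; a result of "unlisted" means the version is in neither list and needs to be checked against the vendor bulletin.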
The vulnerability exists in the handling of CString objects embedded in a PowerPoint presentation file. An issue in this object causes a very small buffer to be allocated while a very large amount of data is copied into it, resulting in an exploitable heap-based buffer overflow.
Analysis:
Exploitation allows an attacker to execute arbitrary code in the context of a user opening a malicious presentation using Microsoft PowerPoint Viewer 2003. In order to exploit this vulnerability, an attacker must persuade, or otherwise force, a targeted user to open such a document. This could be accomplished using a direct URL, an e-mail, an instant message, or even by hijacking a trusted site.
Vendor response:
Microsoft has officially addressed this vulnerability with Security Bulletin MS08-051. For more information, consult their bulletin at the following URL:
http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
CVE Information:
CVE-2008-0120
Disclosure timeline:
09/28/2007 - Initial vendor notification
09/28/2007 - Initial vendor response
08/12/2008 - Coordinated public disclosure