Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738
Vulnerable Systems:
* pptview.exe file version 11.0.5703.0
Immune Systems:
* pptview.exe file version 11.0.6566.0 (as included in Microsoft Office 2003 SP2)
* pptview.exe file version 11.0.8164.0 (as included in Microsoft Office 2003 SP3)
This vulnerability specifically exists in PowerPoint Viewer 2003 when handling certain records in a PowerPoint presentation file. In some circumstances, an array index can be directly controlled by data from within the PowerPoint presentation file. Thus, a function pointer can be directly controlled by the attacker and leveraged for arbitrary code execution.
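The class of flaw described above, as an added C example that is not code from PowerPoint Viewer or from the original advisory: a file-supplied index selects a function pointer, shown unchecked and then with the validation that closes it. The record layout, handler names, error codes and sample bytes are constructed for illustration, and indexing a table of function pointers is an assumption about how such an index reaches a pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout (NOT the real PowerPoint format):
 * bytes 0-1 handler index (LE), bytes 2-3 payload length (LE), then payload. */
typedef int (*record_handler)(const uint8_t *payload, size_t len);

static int handle_text(const uint8_t *p, size_t n)  { (void)p; return (int)n; }
static int handle_shape(const uint8_t *p, size_t n) { (void)p; return (int)n + 1000; }

static const record_handler handlers[] = { handle_text, handle_shape };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])
#define ERR_TRUNCATED (-1)
#define ERR_BAD_INDEX (-2)

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Flawed pattern: the index read from the file selects the function pointer
 * with no range check, so a large index reads a "pointer" from outside the table. */
int dispatch_unchecked(const uint8_t *rec, size_t rec_len)
{
    (void)rec_len;
    return handlers[le16(rec)](rec + 4, le16(rec + 2));
}

/* Hardened form: validate header size, payload length and index before the call. */
int dispatch_checked(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < 4) return ERR_TRUNCATED;
    uint16_t idx = le16(rec), len = le16(rec + 2);
    if (len > rec_len - 4) return ERR_TRUNCATED;
    if (idx >= HANDLER_COUNT) return ERR_BAD_INDEX;   /* reject, never clamp */
    return handlers[idx](rec + 4, len);
}

/* Constructed sample records. */
static const uint8_t rec_ok[]        = { 0x01, 0x00, 0x02, 0x00, 0xAA, 0xBB };
static const uint8_t rec_bad_index[] = { 0xFF, 0x7F, 0x00, 0x00 };
static const uint8_t rec_short[]     = { 0x00, 0x00, 0x10, 0x00, 0x41 };

int main(void)
{
    printf("ok=%d bad_index=%d short=%d\n",
           dispatch_checked(rec_ok, sizeof rec_ok),
           dispatch_checked(rec_bad_index, sizeof rec_bad_index),
           dispatch_checked(rec_short, sizeof rec_short));
    return 0;
}
```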
Analysis:
Exploitation allows an attacker to execute arbitrary code on the affected host in the context of the user who opened a malicious PPT presentation using Microsoft PowerPoint Viewer 2003.
Exploitation of this vulnerability would require an attacker either to host a malicious PowerPoint presentation file and use social engineering techniques to trick a user into visiting the site, or to deliver the hostile code to a user by other means, for example via e-mail. The user would then need to view the file using Microsoft's PowerPoint Viewer.
Vendor response:
Microsoft has officially addressed this vulnerability with Security Bulletin MS08-051. For more information, consult their bulletin at the following URL: http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
CVE Information:
CVE-2008-0121
Disclosure Timeline:
09/28/2007 - Initial vendor notification
09/28/2007 - Initial vendor response
08/12/2008 - Coordinated public disclosure