|
|
|
|
| |
Credit:
The information has been provided by Sean Larsson.
|
| |
Vulnerable Systems:
* PowerPoint 2000 SP3
* PowerPoint 2002 (XP) SP2
* PowerPoint 2003 SP2
* PowerPoint 2003 SP3
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker needs to convince a user to open a malicious file. If the targeted user is running PowerPoint 2000, and the "Office Document Open Confirmation Tool" is not installed, then it is possible to exploit this vulnerability directly through the browser.
Modern versions of Windows (XP, Server 2003, Vista, Server 2008) contain heap allocators with protections against generic heap exploitation techniques. These protections include heap cookies and safe unlinking techniques. However, by default the Office applications use a custom allocator that does not use the normal heap allocator, and does not contain the same level of protection.
Patch Availability:
Microsoft has released a patch which addresses this issue. For more information, consult their advisory at the following URL:
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
CVE Information:
CVE-2009-0221
Disclosure Timeline:
09/03/2008 - Initial Contact
09/03/2008 - Vendor Acknowledgement
09/04/2008 - PoC Requested
09/09/2008 - PoC Sent
09/17/2008 - PoC Resend Requested
09/17/2008 - PoC Sent
10/01/2008 - Vendor Case Number Issued
12/11/2008 - Vendor Status Update
01/16/2009 - Disclosure Projected
01/20/2009 - Vendor Clarification
02/19/2009 - Vendor Status Update
05/12/2009 - Coordinated Public Disclosure
|
|
|
|
|
