Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2009-0224 to a friend New vulnerability? New tool? Tell us	CVE-2009-0224 Microsoft PowerPoint Build List Memory Corruption Vulnerability (MS09-017)     Credit: The information has been provided by Sean Larsson. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=793 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2009-0224 Details Check for CVE-2009-0224 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Microsoft PowerPoint 2000 SP3  * Microsoft PowerPoint 2002 (XP) SP3  * Microsoft PowerPoint 2003 SP2  * Microsoft PowerPoint 2003 SP3  * Microsoft PowerPoint 2007  * Microsoft PowerPoint 2007 SP1  * Microsoft PowerPoint Viewer 2003 The vulnerability occurs during the parsing of the BuildList record. This record is a container for other records that describe charts and diagrams in the PowerPoint file. By inserting multiple BuildList records with ChartBuild containers inside of them, it is possible to trigger a memory corruption vulnerability during the parsing of the ChartBuild container's contents. This allows an attacker to control an object pointer, which can lead to attacker supplied function pointers being dereferenced. Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker needs to convince a user to open a malicious file. If the targeted user is running PowerPoint 2000, and the "Office Document Open Confirmation Tool" is not installed, then it is possible to exploit this vulnerability directly through the browser. Due to the nature of the vulnerability, relatively precise control of the process memory layout is needed to successfully exploit this vulnerability. iDefense Labs has developed exploit code that successfully exploits this vulnerability. Patch Availability: Microsoft has released a patch which addresses this issue. For more information, consult their advisory at the following URL: http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx Workaround Use Microsoft's moice tool to convert files to the new XML format. CVE Information: CVE-2009-0224 Disclosure Timeline: 10/06/2008 - Initial Contact 10/06/2008 - Initial Response 10/06/2008 - Researcher sent Inquiry to Vendor 10/07/2008 - Case number assigned 10/07/2008 - Initial resposne to Researcher Inquiry 12/12/2008 - Status Update Received - estimated release date 03/10/2009 02/24/2009 - Researcher restates Inquiry to Vendor 02/24/2009 - Status Update Received - estimated release date 06/09/2009 02/24/2009 - Vendor provides response to Inquiry 05/12/2009 - Coordinated Public Disclosure  Comments on CVE-2009-0224:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®