Credit:
The information has been provided by Sean Larsson.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=840
Vulnerable Systems:
* PowerPoint 2002 (XP) SP3
* PowerPoint 2003 SP3
Immune Systems:
* PowerPoint 2007
* PowerPoint 2007 SP1
This vulnerability occurs when parsing multiple "OEPlaceholderAtom" records present in a "msofbtClientData" container. This record type is used to create a placeholder for an object (picture, text, etc.) on a slide. When a certain series of these records is present, it is possible to trigger a use-after-free vulnerability, which can lead to the execution of arbitrary code.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user opening the file. To exploit this vulnerability, an attacker would need to convince a user to open a malicious file. If the targeted user is running a vulnerable PowerPoint version and the "Office Document Open Confirmation Tool" is not installed, then it is possible to exploit this vulnerability directly through the browser.
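For triage of stored or inbound files, the record structure described above can be checked statically. The following Python scanner is an added example, not part of the original advisory or any vendor code: it walks the record headers of an already-extracted "PowerPoint Document" stream and reports any "msofbtClientData" container that holds more than one "OEPlaceholderAtom". Assumptions: the record-type values and the 8-byte header layout come from Microsoft's published binary format specifications, the "more than one" threshold is a heuristic because the advisory does not state the exact record series, and the sample bytes are constructed.

```python
import struct

# Record-type values from Microsoft's published binary format specs (not from the advisory).
RT_PLACEHOLDER_ATOM = 0x0BC3  # OEPlaceholderAtom
MSOFBT_CLIENT_DATA = 0xF011   # msofbtClientData
MSOFBT_SP_CONTAINER = 0xF004  # shape container, used only to build the samples
MAX_DEPTH = 32                # refuse to recurse into absurdly deep nesting


def _scan(buf, start, end, depth, hits):
    """Walk records in buf[start:end]; return the number of direct OEPlaceholderAtom children."""
    count, off = 0, start
    while off + 8 <= end:
        # 8-byte header: recVer (low 4 bits) + recInstance, recType, recLen
        ver_inst, rec_type, rec_len = struct.unpack_from("<HHI", buf, off)
        body, nxt = off + 8, off + 8 + rec_len
        if nxt > end:
            hits.append((off, "record length overruns its parent"))
            break
        if rec_type == RT_PLACEHOLDER_ATOM:
            count += 1
        elif (ver_inst & 0xF) == 0xF and depth < MAX_DEPTH:  # recVer 0xF marks a container
            n = _scan(buf, body, nxt, depth + 1, hits)
            if rec_type == MSOFBT_CLIENT_DATA and n > 1:
                hits.append((off, "%d OEPlaceholderAtom records in one msofbtClientData" % n))
        off = nxt
    return count


def triage(stream):
    """Return [(offset, reason), ...] for an extracted 'PowerPoint Document' stream."""
    hits = []
    _scan(stream, 0, len(stream), 0, hits)
    return hits


def rec(rec_type, body=b"", container=False):
    """Build one record (helper for the constructed samples below)."""
    return struct.pack("<HHI", 0xF if container else 0, rec_type, len(body)) + body


# Constructed samples: one shape with a single placeholder, one with two.
_ATOM = rec(RT_PLACEHOLDER_ATOM, bytes(8))
CLEAN = rec(MSOFBT_SP_CONTAINER, rec(MSOFBT_CLIENT_DATA, _ATOM, True), True)
ODD = rec(MSOFBT_SP_CONTAINER, rec(MSOFBT_CLIENT_DATA, _ATOM + _ATOM, True), True)

if __name__ == "__main__":
    for name, data in (("CLEAN", CLEAN), ("ODD", ODD)):
        print(name, triage(data))
```

A hit is a reason to quarantine the file for closer inspection, not proof of exploitation; installing the MS10-004 update remains the fix.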
Patch Availability:
Microsoft Corp. has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the following URL:
http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx
CVE Information:
CVE-2010-0032
Disclosure Timeline:
07/08/2009 Initial Vendor Notification
07/08/2009 Initial Vendor Reply
02/09/2010 Coordinated Public Disclosure