|
|
|
|
| |
Credit:
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-245/
|
| |
Vulnerable Systems:
* Microsoft Office PowerPoint
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the application trusting a value defined within a file. This value will have some arithmetic performed on it, and subsequently be used as a counter for a processing loop. By modifying this value, an attacker can reliably corrupt memory. Successful exploitation will lead to code execution under the context of the application.
Patch Availability:
Microsoft has issued an update to correct this vulnerability at:
http://www.microsoft.com/technet/security/bulletin/ms10-088.mspx
CVE Information:
CVE-2010-2573
Disclosure Timeline:
2010-06-02 - Vulnerability reported to vendor
2010-11-09 - Coordinated public release of advisory
|
|
|
|
|
