Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
BID:18382
Info
Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
| Bugtraq ID: | 18382 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-2492 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 13 2006 12:00AM |
| Updated: | Sep 21 2009 03:50PM |
| Credit: | Discovery is credited to Nicolas Ruff, Fabrice Desclaux, and Kostya Kortchinsky of European Aeronautic Defence and Space Company, Symantec, and Dejun Meng. |
| Vulnerable: |
Microsoft PowerPoint v. X for Mac 0 Microsoft PowerPoint 2004 for Mac 0 Microsoft PowerPoint 2003 SP3 Microsoft PowerPoint 2003 SP2 Microsoft PowerPoint 2003 SP1 Microsoft PowerPoint 2003 0 Microsoft PowerPoint 2002 SP3 Microsoft PowerPoint 2002 SP2 Microsoft PowerPoint 2002 SP1 Microsoft PowerPoint 2002 Microsoft PowerPoint 2000 SP3 Microsoft PowerPoint 2000 SR1 Microsoft PowerPoint 2000 SP2 Microsoft PowerPoint 2000 |
| Not Vulnerable: | |
Discussion
Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
Microsoft PowerPoint is prone to a remote code-execution vulnerability. The issue is related to how the application processes malformed record data in PowerPoint documents.
To exploit this issue, an attacker must entice a victim to open a malicious PowerPoint file. If the exploit is successful, the attacker may execute arbitrary code with the privileges of the currently logged-in user.
Microsoft PowerPoint is prone to a remote code-execution vulnerability. The issue is related to how the application processes malformed record data in PowerPoint documents.
To exploit this issue, an attacker must entice a victim to open a malicious PowerPoint file. If the exploit is successful, the attacker may execute arbitrary code with the privileges of the currently logged-in user.
Exploit / POC
Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
Solution:
Microsoft has released a security bulletin and fixes to address this issue.
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2003 SP1
Microsoft PowerPoint 2000 SP3
Microsoft PowerPoint 2004 for Mac 0
Microsoft PowerPoint 2003 SP2
Microsoft PowerPoint v. X for Mac 0
Solution:
Microsoft has released a security bulletin and fixes to address this issue.
Microsoft PowerPoint 2002 SP3
-
Microsoft Security Update for PowerPoint 2002 (KB916519)
http://www.microsoft.com/downloads/details.aspx?familyid=60A1EB9F-F04B -4D21-A95E-CCC90D9782AB&displaylang=en
Microsoft PowerPoint 2003 SP1
-
Microsoft Security Update for PowerPoint 2003 (KB916518)
http://www.microsoft.com/downloads/details.aspx?familyid=FCED8804-45B4 -4FD2-8FDB-4960C5BB8954&displaylang=en
Microsoft PowerPoint 2000 SP3
-
Microsoft Security Update for PowerPoint 2000 (KB916520)
http://www.microsoft.com/downloads/details.aspx?familyid=F635F2CB-CFEE -4129-BB77-4779A3B05674&displaylang=en
Microsoft PowerPoint 2004 for Mac 0
-
Microsoft Microsoft Office 2004 for Mac 11.2.4 Update
http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac /download/office2004/Office2004_11.2.4.xml&secid=4&ssid=29&flgnosysreq =True
Microsoft PowerPoint 2003 SP2
-
Microsoft Security Update for PowerPoint 2003 (KB916518)
http://www.microsoft.com/downloads/details.aspx?familyid=FCED8804-45B4 -4FD2-8FDB-4960C5BB8954&displaylang=en
Microsoft PowerPoint v. X for Mac 0
-
Microsoft PowerPoint X for Mac Security Update
http://www.microsoft.com/mac/downloads.aspx?pid=download&location=/mac /download/officex/PPointX_Security_1017.xml&secid=5&ssid=31&flgnosysre q=True
References
Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
References:
References:
- Microsoft Security Bulletin MS06-028 (Microsoft)