Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities

Bugtraq ID:	23733
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-2494
Remote:	Yes
Local:	No
Published:	Apr 17 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	shinnai is credited with the discovery of these vulnerabilities.
Vulnerable:	Office OCX PowerPoint Viewer 3.1
Not Vulnerable:

Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities

PowerPoint Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

PowerPoint Viewer ActiveX Control 3.1 is reported vulnerable to these issues; other versions may also be affected.

Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities

The following proof of concept is available:

• /data/vulnerabilities/exploits/ppocx_poc.txt

Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Office OCX PowerPoint Viewer ActiveX Denial of Service Vulnerabilities

References:

• MoAxB #01: PowerPointViewer.ocx 3.1 multiple methods DoS (shinnai)
  
• PowerPoint Viewer (Office OCX)