Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
BID:30554
Info
Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
| Bugtraq ID: | 30554 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-0121 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 12 2008 12:00AM |
| Updated: | Aug 21 2008 01:25AM |
| Credit: | Ruben Santamarta from Reversemode.com, working with iDefense Labs |
| Vulnerable: |
Microsoft PowerPoint Viewer 2003 0 |
| Not Vulnerable: | |
Discussion
Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file.
Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file.
Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Exploit / POC
Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.
2008/08/20: Microsft has released version 2 of their fixes for this issue. Users who manually installed version 1 of the fixes may need to reinstall version 2. Please see the updated Microsoft advisory for more information.
Microsoft PowerPoint Viewer 2003 0
Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.
2008/08/20: Microsft has released version 2 of their fixes for this issue. Users who manually installed version 1 of the fixes may need to reinstall version 2. Please see the updated Microsoft advisory for more information.
Microsoft PowerPoint Viewer 2003 0
-
Microsoft Security Update for Microsoft Office PowerPoint Viewer 2003 (KB949041)
http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8 -4b8e-9708-93dcabd3e036&displaylang=en
References
Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability
References:
References:
- Microsoft PowerPoint Homepage (Microsoft)
- Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability (iDefense)
- Microsoft Security Bulletin MS08-051 (Microsoft)