Microsoft PowerPoint CVE-2011-3396 DLL Loading Arbitrary Code Execution Vulnerability
BID:50967
Info
| Bugtraq ID: | 50967 |
| Class: | Design Error |
| CVE: | CVE-2011-3396 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 13 2011 12:00AM |
| Updated: | Dec 13 2011 12:00AM |
| Credit: | Greg MacManus of iSIGHT Partners Labs |
| Vulnerable: | Microsoft PowerPoint 2010 0; Microsoft PowerPoint 2007 SP2; Microsoft PowerPoint 2007 SP1; Microsoft PowerPoint 2007 0 |
| Not Vulnerable: | |
Discussion
Microsoft PowerPoint is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that also contains a specially crafted Dynamic Link Library (DLL) file.
Successful exploits will compromise the application in the context of the currently logged-in user.
Exploit / POC
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Solution / Fix
Solution:
The vendor has released an advisory and updates. Please see the references for details.
Microsoft PowerPoint 2007 SP2
- Microsoft Security Update for Microsoft Office PowerPoint 2007 (KB2596764)
  http://www.microsoft.com/downloads/details.aspx?familyid=d0c3156c-c87c-4d3e-aca2-3fab9ff78711

Microsoft PowerPoint 2010 0
- Microsoft Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=fd32d083-46e7-4835-ba83-c33332b920bd
- Microsoft Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=f28b8cf6-8946-448a-ae4e-d11f8a76a679
References
References:
- Application DLL Load Hijacking (HD Moore)
- Exploiting DLL Hijacking Flaws (hdm)
- Microsoft Homepage (Microsoft)
- Microsoft PowerPoint Homepage (Microsoft)
- Microsoft Security Advisory 2269637 Released (Microsoft)
- More information about the DLL Preloading remote attack vector (Microsoft)
- Microsoft Security Advisory (2269637) (Microsoft)
- Microsoft Security Bulletin MS11-094 (Microsoft)