
HTTP Office OCX PowerPoint Viewer BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability by passing an excessively long string to a method of the PowerPointViewer.ocx ActiveX control.

Additional Information

PowerPoint Viewer (PowerPointViewer.ocx) is used to host a PowerPoint file on a website.

The PowerPoint Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

These issues present themselves in the 'HttpDownload', 'DoOleCommand', 'FTPDownloadFile', 'FTPUploadFile', 'HttpUploadFile', 'Save', and 'SaveWebFile' methods. Supplying excessive or specially crafted data to the application through the affected methods can trigger these issues.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer).

PowerPoint Viewer ActiveX Control 3.1 is reported vulnerable to these issues; other versions may also be affected.
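
A simplified static check in the spirit of this signature, added here as an illustration; it is not Symantec's signature logic. It flags calls to the seven methods named above when a string literal argument exceeds a length threshold. The 1024-character threshold, the `viewer` object name and the sample argument shapes are assumptions.

```python
import re

# Method names taken from the advisory text above.
AFFECTED_METHODS = (
    "HttpDownload", "DoOleCommand", "FTPDownloadFile", "FTPUploadFile",
    "HttpUploadFile", "Save", "SaveWebFile",
)
MAX_ARG_LEN = 1024  # assumed threshold; the advisory does not state one

# Matches obj.Method( args ) and captures the argument list. Quoted strings are
# consumed whole, so a ")" inside a literal does not end the match early.
CALL_RE = re.compile(
    r"\.\s*(" + "|".join(AFFECTED_METHODS) + r")\s*"
    r"""\(((?:"[^"]*"|'[^']*'|[^)"'])*)\)""",
    re.IGNORECASE,  # VBScript callers are case-insensitive
)
# A single- or double-quoted string literal inside the argument list.
STRING_RE = re.compile(r"""(["'])(.*?)\1""", re.DOTALL)


def find_oversized_calls(html, max_len=MAX_ARG_LEN):
    """Return (method, longest_literal_length) for each suspicious call."""
    hits = []
    for call in CALL_RE.finditer(html):
        lengths = [len(s) for _q, s in STRING_RE.findall(call.group(2))]
        if lengths and max(lengths) > max_len:
            hits.append((call.group(1), max(lengths)))
    return hits


# Constructed samples, not captured traffic. `viewer` is a hypothetical
# object name and the argument shapes are assumed.
BENIGN = '<script>viewer.HttpDownload("http://example.com/deck.ppt");</script>'
SUSPICIOUS = '<script>viewer.SaveWebFile("' + "A" * 5000 + '");</script>'

if __name__ == "__main__":
    for label, page in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, find_oversized_calls(page))
```

This check only sees string literals present in the page source; strings assembled at run time need script emulation or inspection at the point of the method call.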

Affected

  • Office OCX PowerPoint Viewer 3.1

Response

Ensure that all patches and security updates have been applied.