1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Office PowerPoint Memory Corruption

HTTP MS Office PowerPoint Memory Corruption

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a memory corruption vulnerability in Microsoft Office which could allow remote code execution.

Additional Information

A remote code execution vulnerability exists in the way Microsoft Office processes malformed PowerPoint files. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0118.

Affected

  • Microsoft Office 2000 SP3
  • Microsoft Office 2003 SP2
  • Microsoft Office XP SP3

Response

Download and install all vendor patches related to this issue.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube