1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS PowerPoint Picture Index Code Exec

HTTP MS PowerPoint Picture Index Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a malformed PowerPoint file attempting to exploit an integer overflow vulnerability in the application.

Additional Information

Microsoft PowerPoint is prone to a remote code-execution vulnerability due to an integer-overflow error.

The vulnerability is caused by an error that can occur when the application calculates memory requirements for a malformed picture index in a specially crafted PowerPoint file. An integer-overflow error may occur when handling 'CString' objects. Attackers can exploit this issue by enticing a victim to open the malicious file with the vulnerable application.

Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

Affected

  • Microsoft Powerpoint

Response

The vendor has released an advisory and updates. Please see the references for more information.

UPDATE: (August 20, 2008): Microsoft has released version 2 of the fixes for this issue. Users who manually installed version 1 of the fixes may need to reinstall version 2. Please see the updated Microsoft advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube