1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: MS PowerPoint Sound Data RCE 1

Web Attack: MS PowerPoint Sound Data RCE 1

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a vulnerability in Microsoft PowerPoint which may result in remote code execution.

Additional Information

Microsoft PowerPoint is prone to multiple remote code-execution vulnerabilities caused by an error in the 'Importer' feature when the application parses PowerPoint 95 files. Specifically, stack-based memory becomes corrupted when handling maliciously constructed sound data included in a '.ppt' file. These issues occur in the 'PP7X32.DLL' library and can be triggered with user-supplied data for either a record length value or a record name string.

A successful exploit would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

Affected

  • Microsoft PowerPoint

Response

The vendor has released an advisory and updates. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube