CERT-In Vulnerability Note CIVN-2009-41
Remote Code Execution Vulnerability in Microsoft Office PowerPoint

Original Issue Date: April 04, 2009

Severity Rating: High

Systems Affected

  • Microsoft Office PowerPoint 2000 Service Pack 3
  • Microsoft Office PowerPoint 2002 Service Pack 3
  • Microsoft Office PowerPoint 2003 Service Pack 3
  • Microsoft Office 2004 for Mac

Overview

A vulnerability has been reported in Microsoft Office PowerPoint which could allow a remote attacker to execute arbitrary code on targeted systems.

Description

The vulnerability reported in Microsoft Office PowerPoint is caused by an error in the handling of PowerPoint files. A remote attacker could exploit this vulnerability by enticing an unsuspecting user to open a specially crafted PowerPoint file. When opened, the specially crafted file causes PowerPoint to access an invalid memory object. Successful exploitation could allow a remote attacker to execute arbitrary code or gain the privileges of the currently logged-in user on the targeted system.

Workarounds

  • Do not open or save Office files that arrive unexpectedly, whether they come from trusted or untrusted sources.
  • Use the Microsoft Office Isolated Conversion Environment (MOICE) for opening files from unknown or untrusted sources.
  • Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.
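The File Block workaround above is applied through the per-user registry. The PowerShell below is an added example (not part of this CERT-In note or of Microsoft's advisory) that sets the block for the binary PowerPoint format on Office 2003 and reads it back for verification; the registry path and value name are assumed to be those Microsoft documents for Office 2003 File Block (the File Block update must be installed), so confirm them against the vendor advisory linked below before deployment.

```powershell
# Added example: apply and verify the Office 2003 PowerPoint File Block
# workaround under HKCU. Assumption: the key and value name below are the
# ones Microsoft's File Block documentation uses for PowerPoint 2003.
$Key  = 'HKCU:\Software\Microsoft\Office\11.0\PowerPoint\Security\FileOpenBlock'
$Name = 'BinaryFiles'

function Set-PptBinaryFileBlock {
    # 1 = block legacy binary .ppt files; 0 = allow them again.
    param([switch]$Disable)
    if (-not (Test-Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    $value = if ($Disable) { 0 } else { 1 }
    New-ItemProperty -Path $Key -Name $Name -Value $value `
        -PropertyType DWord -Force | Out-Null
}

function Test-PptBinaryFileBlock {
    # Returns $true only when the block is present and enabled.
    if (-not (Test-Path $Key)) { return $false }
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.$Name -eq 1)
}

Set-PptBinaryFileBlock
if (Test-PptBinaryFileBlock) {
    'PowerPoint binary file block: ENABLED'
} else {
    'PowerPoint binary file block: NOT SET'
}
```

While the block is enabled, legitimate legacy .ppt files are also refused; run `Set-PptBinaryFileBlock -Disable` to revert once the vendor update has been installed.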

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/969136.mspx

References

Microsoft
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx

US-CERT
http://www.kb.cert.org/vuls/id/627331

Secunia
http://secunia.com/advisories/34572/

SecurityFocus
http://www.securityfocus.com/bid/34351/

SecurityTracker
http://www.securitytracker.com/alerts/2009/Apr/1021967.html

VUPEN
http://www.vupen.com/english/advisories/2009/0915

CVE Name
CVE-2009-0556

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003