[PCWorks] Microsoft PowerPoint Three Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Thu, 14 Apr 2011 23:36:07 -0500

TITLE:
Microsoft PowerPoint Three Vulnerabilities

Criticality level:  Highly critical
Impact:  System access
Where:  From remote

Software:
 Microsoft Office 2003 Professional Edition
 Microsoft Office 2003 Small Business Edition
 Microsoft Office 2003 Standard Edition
 Microsoft Office 2003 Student and Teacher Edition
 Microsoft Office 2004 for Mac
 Microsoft Office 2007
 Microsoft Office 2008 for Mac
 Microsoft Office 2010
 Microsoft Office Compatibility Pack for Word, Excel, and 
PowerPoint 2007 File Formats
 Microsoft Office for Mac 2011
 Microsoft Office PowerPoint Viewer 2007
 Microsoft Office PowerPoint Viewer 2010
 Microsoft Office Web Apps
 Microsoft Office XP
 Microsoft Open XML File Format Converter for Mac
 Microsoft PowerPoint 2002
 Microsoft Powerpoint 2003
 Microsoft PowerPoint 2007
 Microsoft PowerPoint 2010
 Microsoft PowerPoint Web App

SECUNIA ADVISORY ID:
http://secunia.com/advisories/39903/

DESCRIPTION:
Three vulnerabilities have been reported in Microsoft Office
PowerPoint, which can be exploited by malicious people to 
compromise
a user's system.

1) An error when parsing TimeColorBehaviorContainer Floating 
Point
records can be exploited to corrupt memory.

2) An error when parsing PersistDirectoryEntry records can be
exploited to corrupt memory.

3) An error when parsing OfficeArt records can be exploited to
corrupt memory.

Successful exploitation of the vulnerabilities allows execution 
of
arbitrary code.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS11-022 (KB2464617, KB2464623, KB2464635, KB2464588, 
KB2464594,
KB2489283, KB2505924, KB2505927, KB2505935, KB2519975, 
KB2519984,
KB2520047, KB2525412):
http://www.microsoft.com/technet/security/Bulletin/MS11-022.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-123/
http://www.zerodayinitiative.com/advisories/ZDI-11-124/
http://www.zerodayinitiative.com/advisories/ZDI-11-125/


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Microsoft PowerPoint Three Vulnerabilities - Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 04-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---