TITLE: Microsoft PowerPoint Three Vulnerabilities Criticality level: Highly critical Impact: System access Where: From remote Software: Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office 2007 Microsoft Office 2008 for Mac Microsoft Office 2010 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office for Mac 2011 Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2010 Microsoft Office Web Apps Microsoft Office XP Microsoft Open XML File Format Converter for Mac Microsoft PowerPoint 2002 Microsoft Powerpoint 2003 Microsoft PowerPoint 2007 Microsoft PowerPoint 2010 Microsoft PowerPoint Web App SECUNIA ADVISORY ID: http://secunia.com/advisories/39903/ DESCRIPTION: Three vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. 1) An error when parsing TimeColorBehaviorContainer Floating Point records can be exploited to corrupt memory. 2) An error when parsing PersistDirectoryEntry records can be exploited to corrupt memory. 3) An error when parsing OfficeArt records can be exploited to corrupt memory. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. ORIGINAL ADVISORY: MS11-022 (KB2464617, KB2464623, KB2464635, KB2464588, KB2464594, KB2489283, KB2505924, KB2505927, KB2505935, KB2519975, KB2519984, KB2520047, KB2525412): http://www.microsoft.com/technet/security/Bulletin/MS11-022.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-123/ http://www.zerodayinitiative.com/advisories/ZDI-11-124/ http://www.zerodayinitiative.com/advisories/ZDI-11-125/ ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-