Microsoft PowerPoint PPT Malformed BIFF File Arbitrary Command Execution

2006-08-09T00:02:52
ID OSVDB:29143
Type osvdb
Reporter OSVDB
Modified 2006-08-09T00:02:52

Description

Vulnerability Description

A local overflow exists in Microsoft PowerPoint. PowerPoint fails to properly parse a crafted PowerPoint file, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, resulting in a loss of confidentiality, integrity, and availability.

Solution Description

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.

Short Description

A local overflow exists in Microsoft PowerPoint. PowerPoint fails to properly parse a crafted PowerPoint file, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, resulting in a loss of confidentiality, integrity, and availability.

References:

Security Tracker: 1016657
Secunia Advisory ID: 20633
Other Advisory URL: http://www.securityfocus.com/bid/19341
Other Advisory URL: http://secway.org/advisory/AD20060808.txt
Microsoft Security Bulletin: MS06-048
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0221.html
ISS X-Force ID: 28025
CVE-2006-3449
CERT VU: 884252
Bugtraq ID: 19341