SAINT CorporationSAINT:05B22E274F00FCBE32CDFF719FDC5A75Microsoft PowerPoint Legacy File Format Master Page buffer overflow
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.933 High
EPSS
Percentile
99.1%
Added: 05/14/2009
CVE: CVE-2009-1137
BID: 34876
OSVDB: 54381
Background
Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.
Problem
A buffer overflow vulnerability in the Legacy File Format conversion filter (**PP4X322.dll**) allows command execution when a user opens a PowerPoint 4.0 file containing a specially crafted Master Page record.
Resolution
Apply the update referenced in Microsoft Security Bulletin 09-017.
References
<http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx>
Limitations
Exploit works on Microsoft PowerPoint 2000 and 2002 and requires a user to open the exploit file in Microsoft PowerPoint.
There may be a delay before the exploit succeeds after the user opens the file.
Platforms
Windows 2000
Windows XP SP2
Windows XP SP3
Related
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.933 High
EPSS
Percentile
99.1%