SAINT Corporation, SAINT:09BB4936C60432BDECFB24590F9F2B73
Jan 12, 2012 - 12:00 a.m.

Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

2012-01-12 00:00:00
SAINT Corporation
www.saintcorporation.com
EPSS: 0.947 (High), percentile 99.3%

Added: 01/12/2012
CVE: CVE-2011-0655
BID: 47252
OSVDB: 71771

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

The vulnerability is triggered when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open a file that contains a malformed **ExtTimeNodeContainer** record. Successful exploitation may allow execution of arbitrary code in the context of the affected user.

Resolution

Apply the patch provided in Microsoft Security Bulletin MS11-022.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-123/>

Limitations

The exploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in PowerPoint.

This exploit uses the Perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.

Platforms

Windows
