CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%
Added: 02/12/2010
CVE: CVE-2010-0031
BID: 38103
OSVDB: 62237
Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.
A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an OEPlaceholderAtom record with a specially crafted placementId parameter.
Apply the update referenced in Microsoft Security Bulletin 10-004.
<http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx>
Exploit works on Microsoft PowerPoint 2003 SP3 and requires a user to open the exploit file in Microsoft PowerPoint.
The exploit is not executed until the exploit file is closed.
This exploit requires the IO::Uncompress::Gunzip and Compress::Zlib PERL modules from CPAN.
Windows