Microsoft PowerPoint malformed data record vulnerability

2007-01-17T00:00:00
ID SAINT:56D79ED3169096E379131C1FED29045E
Type saint
Reporter SAINT Corporation
Modified 2007-01-17T00:00:00

Description

Added: 01/17/2007
CVE: CVE-2006-3876
BID: 20322
OSVDB: 29447

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

Improper handling of malformed Data records in PowerPoint files allows command execution.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 06-058.

References

<http://www.kb.cert.org/vuls/id/938196>
<http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx>

Limitations

Exploit works on Microsoft PowerPoint 2000 SR-1 (9.0.3821). Exploit requires a user to open the exploit file in Microsoft PowerPoint.

Platforms

Windows