Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption

2010-02-12T00:00:00
ID SAINT:7652138214CFBD4087A9DE752299ED63
Type saint
Reporter SAINT Corporation
Modified 2010-02-12T00:00:00

Description

Added: 02/12/2010
CVE: CVE-2010-0031
BID: 38103
OSVDB: 62237

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

A memory corruption vulnerability allows command execution when a user opens a PowerPoint file containing an OEPlaceholderAtom record with a specially crafted placementId parameter.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-004.

References

<http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx>

Limitations

Exploit works on Microsoft PowerPoint 2003 SP3 and requires a user to open the exploit file in Microsoft PowerPoint.

The exploit is not executed until the exploit file is closed.

This exploit requires the IO::Uncompress::Gunzip and Compress::Zlib PERL modules from CPAN.

Platforms

Windows