Microsoft PowerPoint Legacy File Format Printer driver buffer overflow

2009-05-14T00:00:00
ID SAINT:859F1616149297A9EF4AE19109D3F642
Type saint
Reporter SAINT Corporation
Modified 2009-05-14T00:00:00

Description

Added: 05/14/2009
CVE: CVE-2009-0227
BID: 34882
OSVDB: 54384

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

A buffer overflow vulnerability in the Legacy File Format conversion filter (**PP4X322.dll**) allows command execution when a user opens a PowerPoint 4.0 file containing a Printer record structure with a specially crafted driver string.

Resolution

Apply the update referenced in Microsoft Security Bulletin 09-017.

References

<http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx>

Limitations

Exploit works on Microsoft PowerPoint 2002 and requires a user to open the exploit file in Microsoft PowerPoint.

There may be a delay before the exploit succeeds after the user opens the exploit file.

Platforms

Windows XP