SAINT Corporation
SAINT:8DC65ED5190A1A2AAE0D44CCF8A8EB83
Jan 12, 2012 - 12:00 a.m.

Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

my.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.953 High
Percentile: 99.3%

Added: 01/12/2012
CVE: CVE-2011-0655
BID: 47252
OSVDB: 71771

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

The vulnerability is triggered when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open such a file, which contains a malformed **ExtTimeNodeContainer** record. Successful exploitation of this issue may allow execution of arbitrary code in the context of the affected user.

Resolution

Apply the patch provided in Microsoft Security Bulletin MS11-022.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-123/>

Limitations

The exploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in PowerPoint.

This exploit uses the Perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.

Platforms

Windows
