Lucene search

K

SAINT CorporationSAINT:B6938FA011DC30AB87F232AD82DF6E35

HistorySep 19, 2008 - 12:00 a.m.

Microsoft PowerPoint Viewer picture index CString object integer overflow

2008-09-1900:00:00

SAINT Corporation

my.saintcorporation.com

7

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.88 High

EPSS

Percentile

98.6%

Added: 09/19/2008
CVE: CVE-2008-0120
BID: 30552
OSVDB: 47406

Background

Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself.

Problem

An integer overflow vulnerability in the handling of CString objects allows command execution when a user opens a PowerPoint file containing a malformed picture index.

Resolution

Install the update referenced in Microsoft Security Bulletin 08-051.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=739>

Limitations

Exploit works on Microsoft PowerPoint Viewer 2003 and requires a user to load the exploit file in the affected software.

This exploit might not succeed on Windows XP SP2 systems without some of the older patches.

Execution of the exploit requires the Compress-Zlib PERL module if the use compression option is enabled.

Platforms

Windows XP

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.88 High

EPSS

Percentile

98.6%

Related for SAINT:B6938FA011DC30AB87F232AD82DF6E35

seebug1 saint3 checkpoint_advisories2 securityvulns2 cve1 prion1 openvas2 nessus1