Release DateJun 23, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a buffer-overflow vulnerability in the PowerPoint 4.0 converter which ships with PowerPoint 2000 through PowerPoint 2003.The vulnerability is caused by a boundary error when the vulnerable software handles a specially crafted PowerPoint file. It may allow a remote attacker to execute arbitrary code. |
Affected ProductsMicrosoft PowerPoint 2003 SP3Microsoft PowerPoint 2003 SP2 Microsoft PowerPoint 2003 SP1 Microsoft PowerPoint 2003 Microsoft PowerPoint 2002 SP3 Microsoft PowerPoint 2002 SP2 Microsoft PowerPoint 2002 SP1 Microsoft PowerPoint 2002 Microsoft PowerPoint 2000 SP3 Microsoft PowerPoint 2000 SP2 Microsoft PowerPoint 2000 SP1 Microsoft PowerPoint 2000 |
Recommended ActionsApply the most recent upgrade or patch from the vendor:http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-1137 |
Reference/shttp://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx (MS-ID)http://www.securityfocus.com/bid/34876 (BugTraq) |
