
MA-161.052009: MyCERT Alert - Multiple Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution

Initial Release: 13 May 2009

1.0 Introduction

A critical vulnerability has been identified in Microsoft Office PowerPoint. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.

The vulnerability occurs when Microsoft Office PowerPoint accesses an invalid object in memory while parsing a specially crafted PowerPoint file. This creates a condition that allows the attacker to execute arbitrary code.

Essentially, an attacker can trick unsuspecting users into opening a specially crafted document with Microsoft PowerPoint.

The Microsoft security bulletin and CVE identifiers for these vulnerabilities are listed below:

  • MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

    • CVE-2009-0220
    • CVE-2009-0221
    • CVE-2009-0222
    • CVE-2009-0223
    • CVE-2009-0224
    • CVE-2009-0225
    • CVE-2009-0226
    • CVE-2009-0227
    • CVE-2009-0556
    • CVE-2009-1128
    • CVE-2009-1129
    • CVE-2009-1130
    • CVE-2009-1131
    • CVE-2009-1137

2.0 Impact

An attacker who successfully exploits this vulnerability could achieve remote code execution if a user opens a specially crafted PowerPoint file. The attacker would have the same privileges as the user.

3.0 Affected Products

The detailed list of vulnerable products and versions is as follows:

  • Microsoft Office PowerPoint 2000 Service Pack 3
  • Microsoft Office PowerPoint 2002 Service Pack 3
  • Microsoft Office PowerPoint 2003 Service Pack 3
  • Microsoft Office PowerPoint 2007 Service Pack 1 and Microsoft Office PowerPoint 2007 Service Pack 2
  • Microsoft Office 2004 for Mac
  • Microsoft Office 2008 for Mac
  • Open XML File Format Converter for Mac
  • PowerPoint Viewer 2003
  • PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer 2007 Service Pack 2
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
  • Microsoft Works 8.5
  • Microsoft Works 9.0

4.0 Recommendation

MyCERT highly recommends that users of these applications apply the patch released by the vendor. The update or patch can be obtained from the following links:

The updates for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5, and Microsoft Works 9.0 are still in development. Microsoft will issue updates on the regular bulletin release cycle for these product lines when testing is complete to ensure quality.

As a workaround to protect against potential attacks using this vulnerability, users may use equivalent applications for viewing PowerPoint documents, such as OpenOffice (http://www.openoffice.org/).

MyCERT encourages users to forward suspicious Microsoft PowerPoint documents for further analysis and assistance.

MyCERT can be reached at:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References

   

Copyright © 2009 - CyberSecurity Malaysia