CERT-In Vulnerability Note CIVN-2006-96
Microsoft PowerPoint Remote Code Execution Vulnerability
Original Issue Date: October 11, 2006
Updated: February 14, 2007
Severity Rating: High
Systems Affected
- Microsoft Office 2000 SP3
- Microsoft PowerPoint 2000
- Microsoft Office XP SP3
- Microsoft PowerPoint 2002
- Microsoft Office 2003 SP1 or SP2
- Microsoft Office PowerPoint 2003
- Microsoft Office 2004 for Mac
- Microsoft PowerPoint 2004 for Mac
- Microsoft Office v. X for Mac
- Microsoft PowerPoint v. X for Mac
Overview
Multiple remote code execution vulnerabilities have been reported in Microsoft PowerPoint that could be exploited by an attacker to take complete control of the vulnerable system if the user is logged on with administrative privileges.
Description
PowerPoint Malformed Object Pointer Vulnerability - CVE-2006-3435:
The vulnerability is caused by insufficient data validation while processing the contents of a .ppt file. Opening a specially crafted PowerPoint file and parsing a malformed object pointer with Microsoft PowerPoint could corrupt system memory and allow execution of arbitrary code with the privileges of the user.
PowerPoint Malformed Data Record Vulnerability - CVE-2006-3876:
The vulnerability is caused by insufficient data validation while processing the contents of a .ppt file. Opening a specially crafted PowerPoint file and parsing a malformed data record with Microsoft PowerPoint could corrupt system memory and allow execution of arbitrary code with the privileges of the user.
PowerPoint Malformed Record Memory Corruption Vulnerability - CVE-2006-3877:
The vulnerability is triggered when Microsoft PowerPoint opens a specially crafted PowerPoint file and parses placeholder data, which could corrupt system memory and allow execution of arbitrary code with the privileges of the user.
PowerPoint Malformed Record Vulnerability - CVE-2006-4694:
The vulnerability is caused by an error while opening a specially crafted PowerPoint file and parsing placeholder data with Microsoft PowerPoint. It could allow execution of arbitrary code with the privileges of the user.
An attacker could exploit these vulnerabilities by sending a specially crafted PowerPoint file to the user via email and persuading the user to open it, or by hosting a website containing the malicious PowerPoint file and persuading the user to visit it, typically by getting them to click on a link to the website. Successful exploitation could allow an attacker to take complete control of the vulnerable system if the user is logged on with administrative rights.
Workaround
Do not open or save Microsoft PowerPoint files received from untrusted sources.
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS06-058.
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx
FrSIRT
http://www.frsirt.com/english/advisories/2006/3977
Secunia
http://secunia.com/advisories/22127/
CVE Name
CVE-2006-3435
CVE-2006-3876
CVE-2006-3877
CVE-2006-4694
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
