securityvulns SECURITYVULNS:DOC:1198
Jan 24, 2001 - 12:00 a.m.

@stake Advisory Notification: Parsing Overflow in Microsoft Power Point 2000 (a012301-1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                          @stake, Inc.
                        www.atstake.com

                 Security Advisory Notification

Advisory Name: Parsing Overflow in Microsoft PowerPoint 2000
Release Date: 01/23/2001
Application: Microsoft PowerPoint 2000 (possibly earlier releases)
Platform: Windows 2K, NT (9x likely)
Severity: There is a parsing overflow in PowerPoint's file
          loader. This could result in execution of arbitrary code
          upon viewing a malicious web page or loading a malicious
          PowerPoint file.
Authors: Dave Aitel [[email protected]]
         Frank Swiderski [[email protected]]
Vendor Status: vendor has patch
CVE: CAN-2001-0005
Reference: www.atstake.com/research/advisories/2001/a012301-1.txt

Summary:

Microsoft PowerPoint is a widely used application for Microsoft Windows
that allows the user to create and view presentations. Unfortunately, a
malicious PowerPoint file can take control of the PowerPoint application
itself, without any warning dialog being displayed to the viewer.

Because Windows Internet Explorer trusts Microsoft PowerPoint, it will
allow a PowerPoint file to be embedded in a web page, automatically
loading PowerPoint to parse it, and making the user vulnerable to
exploitation. HTML-email, if enabled, could be a similar vector for
attack.

Exploitation of this vulnerability would give the attacker control over
the machine on which PowerPoint is running, with the permissions of the
user PowerPoint is running as.

Vendor Response:

Microsoft has released a security bulletin describing this issue:
http://www.microsoft.com/technet/security/bulletin/MS01-002.asp

Microsoft has released a patch for this issue:
http://officeupdate.microsoft.com/2000/downloaddetails/ppt2ksec.htm

Advisory Reference:

http://www.atstake.com/research/advisories/2001/a012301-1.txt

** The advisory contains additional information. We encourage those
** affected by this issue to read the advisory.
**
** All vulnerability database maintainers should reference the above
** advisory reference URL to refer to this advisory.

Advisory policy: http://www.atstake.com/research/policy/
For more advisories: http://www.atstake.com/research/advisories/
PGP Key: http://www.atstake.com/research/pgp_key.asc

Copyright 2001 @stake, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOm3DnFESXwDtLdMhEQJQowCdFnVnx5OvuypKhHvAuh6ehxK9OPIAoMQu
XHacwvcXzwfnbI26tImpBEBH
=BDWe
-----END PGP SIGNATURE-----
