Computer Security

Security Advisory: Vulnerable function in newest PowerPoint case (MS Advisory #925984)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Microsoft PowerPoinr memory corruption

  ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability

  Microsoft Security Bulletin MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)

  Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution

From:Juha-Matti Laurio <juha-matti.laurio_(at)_netti.fi>
Date:07.10.2006
Subject:Vulnerable function in newest PowerPoint case (MS Advisory #925984)

This PowerPoint vulnerability is described at Microsoft Security Advisory #925984
http://www.microsoft.com/technet/security/advisory/925984.mspx

It appears that the vulnerability is due to errors when executing VB script
SlideShowWindows.View.GotoNamedShow () automatically inside a PowerPoint presentation.

Information about the existence of related exploit code listed as NamedShows stack overwrite issue is public too.
The author and origin of the exploit code is not currently known.

Microsoft is reportedly working on a fix and Security Bulletin Advance Notification Program
reported about four upcoming October security bulletins affecting Microsoft Office recently.

- Juha-Matti
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server