Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Power Point multiple security vulnerabilities
updated since 12.05.2009
Published:11.06.2009
Source:
SecurityVulns ID:9903
Type:client
Threat Level:
7/10
Description:Multiple buffer overflows, memroy corruptions, integer overflows, etc.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.)
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability.")
 CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability.")
 CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.)
 CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.)
 CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability.")
 CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.)
 CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.)
 CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability.")
 CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability.")
 CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.)
 CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.)
 CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability.")
 CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability.")
Original documentdocumentSECUNIA, Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability (11.06.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint Notes Container Heap Corruption Vulnerability (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint Build List Memory Corruption Vulnerability (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint Integer Overflow Vulnerability (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Overflow (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow Vulnerabilities (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer Overflow Vulnerabilities (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Heap Corruption Vulnerability (13.05.2009)
 documentIDEFENSE, iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability (13.05.2009)
 documentZDI, ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability (13.05.2009)
 documentZDI, ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability (13.05.2009)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows (12.05.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-017 - Critical Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) (12.05.2009)
Files:Microsoft Security Bulletin MS09-017 - Critical Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) Published: May 12, 2009

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod