[security-alerts] FW: [SA22127] Microsoft PowerPoint Code Execution Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Microsoft PowerPoint Code Execution Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA22127
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22127/
> 
> CRITICAL:
> Extremely critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft PowerPoint 2000
> http://secunia.com/product/3052/
> Microsoft Office XP
> http://secunia.com/product/23/
> Microsoft Office X for Mac
> http://secunia.com/product/2610/
> Microsoft Office 2004 for Mac
> http://secunia.com/product/8713/
> Microsoft Office 2003 Student and Teacher Edition
> http://secunia.com/product/2278/
> Microsoft Office 2003 Standard Edition
> http://secunia.com/product/2275/
> Microsoft Office 2003 Small Business Edition
> http://secunia.com/product/2277/
> Microsoft Office 2003 Professional Edition
> http://secunia.com/product/2276/
> Microsoft Office 2000
> http://secunia.com/product/24/
> Microsoft PowerPoint 2002
> http://secunia.com/product/2223/
> Microsoft Powerpoint 2003
> http://secunia.com/product/5274/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft PowerPoint, which can
> be exploited by malicious people to compromise a user's system.
> 
> The vulnerability is due to an unspecified error when processing
> PowerPoint documents containing a malformed string. This can be
> exploited to corrupt system memory and may allow execution of
> arbitrary code when a malicious PowerPoint document is opened.
> 
> NOTE: This vulnerability is reportedly being exploited in the wild.
> 
> SOLUTION:
> Do not open untrusted Office documents.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> Microsoft:
> http://www.microsoft.com/technet/security/advisory/925984.mspx
> 
> OTHER REFERENCES:
> US-CERT VU#231204:
> http://www.kb.cert.org/vuls/id/231204
>