Microsoft PowerPoint malformed data record vulnerability

Added: 01/17/2007
CVE: CVE-2006-3876
BID: 20322
OSVDB: 29447

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

Improper handling of malformed Data records in PowerPoint files allows command execution.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 06-058.

References

http://www.kb.cert.org/vuls/id/938196
http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx

Limitations

Exploit works on Microsoft PowerPoint 2000 SR-1 (9.0.3821). Exploit requires a user to open the exploit file in Microsoft PowerPoint.

Platforms

Windows

Back to exploit index