Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

Added: 01/12/2012
CVE: CVE-2011-0655
BID: 47252
OSVDB: 71771

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

The vulnerability is triggered when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open a file that contains a malformed ExtTimeNodeContainer record. Successful exploitation may allow execution of arbitrary code in the context of the affected user.

Resolution

Apply the patch provided in Microsoft Security Bulletin MS11-022.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-123/

Limitations

The exploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in PowerPoint.

This exploit uses the Perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.

Platforms

Windows
