Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

Added: 01/12/2012
CVE: CVE-2011-0655
BID: 47252
OSVDB: 71771


Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.


The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open a specially crafted PowerPoint file which contains a malformed ExtTimeNodeContainer record. Successful exploitation of this issue may allow execution of arbitrary code in the context of the affected user.


Apply the patch provided in Microsoft Security Bulletin MS11-022.



Exploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in Powerpoint.

This exploit uses the perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.



Back to exploit index