Microsoft PowerPoint NamedShows record code execution

Added: 10/12/2006
CVE: CVE-2006-4694
BID: 20226
OSVDB: 29259

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

Improper handling of malformed NamedShows records in PowerPoint files allows command execution.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 06-058.

References

http://www.kb.cert.org/vuls/id/231204

Limitations

Exploit works on PowerPoint 2000 SR-1.

A user must follow a link to the exploit in order for the exploit to succeed.

Platforms

Windows

Back to exploit index