---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Microsoft PowerPoint Malformed Record Vulnerability SECUNIA ADVISORY ID: SA20633 VERIFY ADVISORY: http://secunia.com/advisories/20633/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft PowerPoint 2002 http://secunia.com/product/2223/ Microsoft PowerPoint 2000 http://secunia.com/product/3052/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Office X for Mac http://secunia.com/product/2610/ Microsoft Office Powerpoint 2003 http://secunia.com/product/5274/ Microsoft Office 2004 for Mac http://secunia.com/product/8713/ Microsoft Office 2000 http://secunia.com/product/24/ DESCRIPTION: A vulnerability has been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a memory corruption error when processing PowerPoint documents containing malformed records. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Microsoft PowerPoint 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=F635F2CB-CFEE-4129-BB77-4779A3B05674 Microsoft PowerPoint 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=60A1EB9F-F04B-4D21-A95E-CCC90D9782AB Microsoft PowerPoint 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=FCED8804-45B4-4FD2-8FDB-4960C5BB8954 Microsoft PowerPoint 2004 for Mac: http://www.microsoft.com/mac/ Microsoft PowerPoint v. X for Mac: http://www.microsoft.com/mac/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Nicolas Ruff, Fabrice Desclaux, and Kostya Kortchinsky. * Elia Florio, Symantec. * Dejun Meng, Fortinet Security Response Team. ORIGINAL ADVISORY: MS06-028 (KB916768): http://www.microsoft.com/technet/security/Bulletin/MS06-028.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------