-
Microsoft PowerPoint Sound Data (CVE-2009-0227) Remote Code Execution Vulnerabilitycase Computer : 2009. 5. 13. 11:17
Bugtraq ID: 34882 Class: Boundary Condition Error CVE: CVE-2009-0227
Remote: Yes Local: No Published: May 12 2009 12:00AM Updated: May 12 2009 11:16PM Credit: Marsu Pilami of VeriSign iDefense Labs
Discussion
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
An attacker can exploit this issue by enticing a victim to open a specially crafted PowerPoint 4.0 file.
Successfully exploiting this issue can allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Solution
The vendor has released an advisory and updates. Please see the references for details.
Microsoft PowerPoint 2002 SP3
- Microsoft Security Update for Microsoft PowerPoint 2002 (KB957781)
http://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7 -4ddb-8b6e-107f1af67f49
- Microsoft Security Update for Microsoft PowerPoint 2000 (KB957790)
http://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74 -4ebc-a4ac-7a756aa67894
- Microsoft Security Update for Microsoft PowerPoint 2003 (KB957784)
http://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340 -40db-a45d-c880ba36b106
References:
- Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow Vulnerability (iDefense Labs)
- Microsoft PowerPoint Homepage (Microsoft)
- iDefense Security Advisory 05.12.09: Microsoft PowerPoint 4.2 Conversion Filter (iDefense Labs
)
- Microsoft Security Bulletin MS09-017 (Microsoft)
Vulnerable: Microsoft PowerPoint 2003 SP3
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2002 SP2
Microsoft PowerPoint 2002 SP1
Microsoft PowerPoint 2002
Microsoft PowerPoint 2000 SP3
Microsoft PowerPoint 2000 SR1
Microsoft PowerPoint 2000 SP2
Microsoft PowerPoint 2000
반응형'case Computer :' 카테고리의 다른 글
[JavaScript] 자식창에서 부모창으로 링크 (0) 2009.05.28 Microsoft IIS(5,5.1,6) WebDAV 취약점으로 인한 피해 주의 (0) 2009.05.21 Microsoft 보안업데이트(MS09-017) (0) 2009.05.13 SIS First Grade Exam Summary, SIS 1급[수정] (2) 2009.05.11 [tomcat] server ip deny (1) 2009.05.11 - Microsoft Security Update for Microsoft PowerPoint 2002 (KB957781)