TITLE:
Microsoft PowerPoint Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32428

VERIFY ADVISORY:
http://secunia.com/advisories/32428/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system.

1) Two boundary errors when processing certain atoms can be exploited to cause stack-based buffer overflows via a specially crafted PowerPoint file.

2) An error when parsing paragraph formatting data can be exploited to corrupt memory via a specially crafted PowerPoint 4.0 file.

3) An integer overflow error when parsing invalid record types can be exploited to corrupt memory via a specially crafted PowerPoint file.

4) An error when parsing list records can be exploited to corrupt memory via a specially crafted PowerPoint file.

5) An error when parsing certain malformed structure values can be exploited to corrupt memory via a specially crafted PowerPoint file.

6) Multiple errors when parsing sound data can be exploited to corrupt memory via specially crafted PowerPoint 4.0 and 95 files.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office PowerPoint 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894

Microsoft Office PowerPoint 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49

Microsoft Office PowerPoint 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106

Microsoft Office PowerPoint 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=11f8380f-ffb6-4c22-a89c-3dc55d0f9834

Microsoft Office PowerPoint 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=11f8380f-ffb6-4c22-a89c-3dc55d0f9834

Microsoft Office 2004 for Mac:
According to the vendor, patches are still in development and will be released at a later stage.

Microsoft Office 2008 for Mac:
According to the vendor, patches are still in development and will be released at a later stage.

Open XML File Format Converter for Mac:
According to the vendor, patches are still in development and will be released at a later stage.

PowerPoint Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?familyid=6a57e6ed-bd24-406f-87bb-117391e083e0

PowerPoint Viewer 2007 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=141b8338-5c52-4326-a9e4-d2f2d8940d9c

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=e1d3a4c3-538a-4f98-8d60-250803a80e2a

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=e1d3a4c3-538a-4f98-8d60-250803a80e2a

Microsoft Works 8.5:
According to the vendor, patches are still in development and will be released at a later stage.

Microsoft Works 9.0:
According to the vendor, patches are still in development and will be released at a later stage.

PROVIDED AND/OR DISCOVERED BY:
1) Carsten Eiram, Secunia Research.
2) The vendor credits an anonymous person via VeriSign iDefense Labs.
3) The vendor credits Sean Larsson, VeriSign iDefense Labs.
4) The vendor credits Sean Larsson, VeriSign iDefense Labs.
5) The vendor credits Ling and Wushi, team509 via ZDI and Sean Larsson, VeriSign iDefense Labs.
6) The vendor credits:
* Marsu Pilami, VeriSign iDefense Labs.
* Nicolas Joly, Vupen.
* An anonymous person via VeriSign iDefense Labs.

ORIGINAL ADVISORY:
MS09-017 (KB957781, KB957784, KB957789, KB957790, KB967340, KB969615, KB969618, KB970059):
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

Secunia Research:
http://secunia.com/secunia_research/2008-46/