Multiple vulnerabilities in Microsoft PowerPoint
Reference: CERT-IST/AV-2006.322
Version: 1.0
Version date: 09 August 2006

Vulnerability Classification
Risk: high
Impact: Get access
Vulnerability category: Multiple
Confidence: Vendor-acknowledged
Attack expertise: Beginner
Attack requirements: Remote (no account) over a standard service

System Information
Affected Platform(s):
- Microsoft Windows systems
- Mac OS systems

Affected Software(s):
- Microsoft Office 2000 Service Pack 3 (Microsoft PowerPoint 2000)
- Microsoft Office XP Service Pack 3 (Microsoft PowerPoint 2002)
- Microsoft Office 2003 Service Pack 1 or Service Pack 2 (Microsoft Office PowerPoint 2003)
- Microsoft Office 2004 for Mac (PowerPoint 2004 for Mac)
- Microsoft Office v. X for Mac (PowerPoint 2004 v. X for Mac)

Remarks: The following software is not impacted by these vulnerabilities:
- Microsoft PowerPoint 2003 Viewer
- Microsoft Works Suite 2004, 2005 and 2006

Description
Publication context:
The vulnerability CVE-2006-3590 described in this advisory was mentioned in the potential danger CERT-IST/DG-2006.005 on July 17, 2006. The progress of the threat has been followed by the Cert-IST Crisis Hub called "Powerpoint 07/06".

Problem description:
Two vulnerabilities have been discovered in the Microsoft Office suite. Both of them affect the PowerPoint software. These vulnerabilities allow a malicious PowerPoint file to perform harmful actions on a vulnerable system, with the privileges of the victim who attempts to open it.

Technical information:
The vulnerabilities are the following:
- CVE-2006-3590: Vulnerability in the shares handling by the "Mso.dll" library.
  Note: This vulnerability is already exploited by Trojan horses (see the CERT-IST/DG-2006.005 potential danger dated July 17, 2006).
- CVE-2006-3449: Vulnerability in the handling of malformed records by PowerPoint.

These two vulnerabilities allow a remote attacker, through a crafted PowerPoint file, to run arbitrary code on a vulnerable system, with the privileges of the victim who attempts to open this file.

"CVSS" base score(s) for this advisory (Source NVD):
- CVE-2006-3590: 5.6 (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)

Solution
Apply the Microsoft patches regarding the PowerPoint vulnerabilities.
Patches are available for the various impacted platforms.
See the Microsoft security bulletin MS06-048 ("Additional Resources" section) to get the appropriate patch.

Standard vulnerability IDs
Additional Resources
- Microsoft security advisory MS06-048 dated August 8, 2006

History
Version | Comment | Date
1.0 | Advisory creation | 09 August 2006