Otkriven je jedan sigurnosni propust vezan uz Microsoft Powerpoint. Microsoft PowerPoint je program za izradu prezentacija, proizvod tvrtke Microsoft. Otkriveni propust se javlja prilikom parsiranja određenih objekata koji se ne inicijaliziraju ispravno prije upotrebe što dovodi do problema prilikom zatvaranja dokumenta. Udaljeni napadač može iskoristiti propust navodeći korisnika na otvaranje posebno oblikovane Powerpoint datoteke, a rezultat napada je pokretanje proizvoljnog programskog koda. Za sada nije dostupna nadogradnja koja otklanja otkriveni propust.

Microsoft Office PowerPoint OfficeArt Atom Code Execution Vulnerability

VUPEN ID 	VUPEN/ADV-2011-0310
CVE ID 	GENERIC-MAP-NOMATCH
 
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Critical 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-02-08
Share 	Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

A vulnerability has been identified in Microsoft Office PowerPoint, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a memory corruption error when parsing external objects within an Office Art container, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PowerPoint file.

Affected Products

Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2003
Microsoft Office PowerPoint 2002

Microsoft Office 2007
Microsoft Office 2003
Microsoft Office 2002

Solution 

VUPEN Security is not aware of any vendor-supplied patch.

References

http://www.vupen.com/english/advisories/2011/0310
http://www.zerodayinitiative.com/advisories/ZDI-11-044/

Credits 

Vulnerability reported by TippingPoint ZDI.

Changelog 

2011-02-08 : Initial release