SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

MS06-028: PowerPoint malformed record / Remote Code Execution
MS06-028 - KB 916768

Vulnerable: Office 2000, XP, 2003 for Windows and Office v.X and Office 2004 for Mac (yes, this vulnerability is present on Mac systems)

This vulnerability affects PowerPoint documents and allows remote code execution with the privileges of the logged-in user. A malicious PowerPoint document with a malformed record can corrupt system memory and be used to execute code. This patch replaces MS06-010 for PowerPoint 2000.

To exploit this vulnerability, an attacker would have to convince a victim to open a malicious PowerPoint file (delivered by e-mail or web download, for instance). If the user is logged in as an administrator, the attacker would gain full control of the system. Presumably, different malicious PowerPoint files would have to be created to exploit Windows and Mac (i.e. the same PowerPoint file would likely not be able to exploit both operating systems).

This patch is classified critical for PowerPoint 2000 only, and important for all other versions (including Mac).  This patch fixes the vulnerability detailed in CVE-2006-0022.  Users are advised to apply this patch if they use Microsoft PowerPoint.

John Bambenek -- University of Illinois

ISC Handler
Jun 13th 2006