PowerPoint File Parsing Vulnerability New

A security vulnerability exists in Microsoft® PowerPoint 2000 which could allow a user to construct a PowerPoint file that, when opened, could potentially run code on the reader’s system.

Issue

A parsing routine that is executed when PowerPoint 2000 opens files contains an unchecked buffer. If an attacker inserted specially chosen data into a PowerPoint file and could entice another user into opening the file on his machine, the data would overrun the buffer, causing either of two effects. In the less serious case, overrunning the data would cause PowerPoint to fail, but wouldn’t have any other effect. In the more serious case, overrunning the buffer could allow the attacker to cause code of her choice to run on the user’s machine. The code could take any action that the user himself could take on the machine. Typically, this would enable the attacker’s code to add, change or delete data, communicate with a remote server, or take other actions.

In order for this behavior to occur, a malicious user would need to entice a user into either opening the malformed PowerPoint 2000 file, visiting a malicious website, or viewing a specially crafted html email message.

Affected Products

• Microsoft PowerPoint 2000

Download

Patch: http://officeupdate.microsoft.com/2000/downloaddetails/ppt2ksec.htm

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: January 25, 2001

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<