TITLE:
Microsoft PowerPoint Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA21040
VERIFY ADVISORY:
http://secunia.com/advisories/21040/
CRITICAL:
Extremely critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Powerpoint 2003
http://secunia.com/product/5274/
Microsoft Office PowerPoint 2003 Viewer
http://secunia.com/product/4033/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft PowerPoint 2000
http://secunia.com/product/3052/
Microsoft PowerPoint 2002
http://secunia.com/product/2223/
DESCRIPTION:
A vulnerability has been reported in Microsoft PowerPoint, which can
be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unknown error when parsing certain strings in a specially crafted document. Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being exploited in the wild.
SOLUTION:
Do not open untrusted documents.
PROVIDED AND/OR DISCOVERED BY:
Discovered in the wild.
Folks,
I would advise
against opening
ANY PowerPoint document
YOU didn't create. Remember,
MANY of those cute emails that circulate on the Net contain PowerPoint presentations. Those are the very ones most likely to contain this vulnerability.
DON'T BE FOOLISH!
Microsoft PowerPoint Vulnerability - Currently Exploited
Linear Mode
