Check: 2011-A-0047
Windows 7 IAVM: 2011-A-0047 (in version v1 r32)
Title
Multiple Vulnerabilities in Microsoft Office PowerPoint (Cat II impact)
Discussion
Microsoft has reported multiple vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer. To exploit these vulnerabilities, an attacker would entice a user to access a malicious PowerPoint file hosted on a web site or sent via email. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD-related incidents.

Floating Point Techno-color Time Bandit RCE Vulnerability - (CVE-2011-0655): A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files. An attacker could exploit the vulnerability by creating a specially crafted PowerPoint file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

Persist Directory RCE Vulnerability - (CVE-2011-0656): A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files. An attacker could exploit the vulnerability by creating a specially crafted PowerPoint file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

OfficeArt Atom RCE Vulnerability - (CVE-2011-0976): A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files. An attacker could exploit the vulnerability by creating a specially crafted PowerPoint file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
Check Content
See IAVM notice and Microsoft Bulletin MS11-022 (KB 2489283) for additional information.

Vulnerable Applications/Systems:

- Microsoft PowerPoint 2002 SP3
- Microsoft PowerPoint 2003 SP3
- Microsoft PowerPoint 2007 SP2
- Microsoft PowerPoint 2010 (x86 & x64)
- Microsoft Office Compatibility Pack SP2
- Microsoft PowerPoint Viewer 2007 SP2
- Microsoft PowerPoint Web App

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

File | Application | Version |
---|---|---|
Powerpnt.exe | Microsoft PowerPoint 2002 SP3 | 10.0.6868.0 |
Powerpnt.exe | Microsoft PowerPoint 2003 SP3 | 11.0.8334.0 |
Powerpnt.exe | Microsoft PowerPoint 2007 SP2 | 12.0.6545.5000 |
Ppcore.dll | Microsoft PowerPoint 2010 (x86 & x64) | 14.0.5136.5003 |
Ppcnv.dll | Microsoft Office Compatibility Pack SP2 | 12.0.6550.5000 |
Pptview.exe | Microsoft PowerPoint Viewer 2007 SP2 | 12.0.6550.5000 |
gkpowerpoint.dll | Microsoft PowerPoint Web App | 14.0.5136.5000 |

System administrators should refer to the Microsoft Security Bulletin to determine affected applications/systems and appropriate fix actions.
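One way to automate the file-version comparison described in this check, as an added example that is not part of the IAVM notice or the Microsoft bulletin. The function name `Test-Ms11022File`, the status labels and the search roots are assumptions made for illustration, and the script assumes PowerShell 3.0 or later.

```powershell
# Minimum fixed file versions, copied from the Check Content text above.
# Powerpnt.exe is listed three times, so a rule is chosen by file name AND major version.
$Ms11022Minimums = @(
    [pscustomobject]@{ File = 'Powerpnt.exe';     Product = 'PowerPoint 2002 SP3';           Min = [version]'10.0.6868.0' }
    [pscustomobject]@{ File = 'Powerpnt.exe';     Product = 'PowerPoint 2003 SP3';           Min = [version]'11.0.8334.0' }
    [pscustomobject]@{ File = 'Powerpnt.exe';     Product = 'PowerPoint 2007 SP2';           Min = [version]'12.0.6545.5000' }
    [pscustomobject]@{ File = 'Ppcore.dll';       Product = 'PowerPoint 2010 (x86 & x64)';   Min = [version]'14.0.5136.5003' }
    [pscustomobject]@{ File = 'Ppcnv.dll';        Product = 'Office Compatibility Pack SP2'; Min = [version]'12.0.6550.5000' }
    [pscustomobject]@{ File = 'Pptview.exe';      Product = 'PowerPoint Viewer 2007 SP2';    Min = [version]'12.0.6550.5000' }
    [pscustomobject]@{ File = 'gkpowerpoint.dll'; Product = 'PowerPoint Web App';            Min = [version]'14.0.5136.5000' }
)

# Hypothetical helper: compares one file on disk against the table above.
function Test-Ms11022File {
    param([Parameter(Mandatory)][string]$Path)

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from its numeric parts; the FileVersion string can carry extra text.
    $found = New-Object System.Version -ArgumentList `
        $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
    $name = Split-Path -Leaf $Path

    $rule = $Ms11022Minimums |
        Where-Object { $_.File -eq $name -and $_.Min.Major -eq $found.Major } |
        Select-Object -First 1

    # "At the version indicated or later" is a numeric four-part comparison, not a string compare.
    if (-not $rule)               { $status = 'NotListed' }     # no minimum given in this check
    elseif ($found -ge $rule.Min) { $status = 'Patched' }
    else                          { $status = 'BelowMinimum' }

    [pscustomobject]@{
        Path = $Path; Product = $rule.Product; Found = $found; Minimum = $rule.Min; Status = $status
    }
}

# Assumed search roots; adjust to where Office is installed on the host being checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ -and (Test-Path $_) }
$names = $Ms11022Minimums.File | Select-Object -Unique

Get-ChildItem -Path $roots -Recurse -File -Include $names -ErrorAction SilentlyContinue |
    ForEach-Object { Test-Ms11022File -Path $_.FullName } |
    Format-Table -AutoSize
```

A `NotListed` result means the file's major version has no minimum in this check, so the vendor bulletin is the reference for that product.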
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-26525
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |