
Microsoft Office PowerPoint Parsing Code Execution Vulnerability (Zero-day)

(Microsoft Security Advisory 969136, CVE-2009-0556)
Microsoft Office PowerPoint, a popular presentation program from Microsoft, contains a remote code execution vulnerability. There have been some limited reports of attacks in the wild that utilize this vulnerability.

Vulnerability Details

The affected software includes Microsoft Office PowerPoint 2000, 2002, and 2003. When a victim opens a maliciously crafted PowerPoint file, the file triggers an error in PowerPoint caused by an attempt to access an invalid object in memory. An attacker can exploit this error to execute arbitrary code on the target computer. An unsuccessful attack attempt may also cause Microsoft PowerPoint to terminate abnormally, resulting in the loss of any unsaved data from the current session.

Protection

Since no patch has been released by Microsoft, Check Point recommends that companies augment their patching process with integrated and dedicated intrusion prevention systems. These can be deployed both at the network perimeter and at internal locations, separating the company’s network into segments. Check Point SmartDefense and the new Check Point IPS Software Blade provide protection against attacks that use this vulnerability. For more details, see CPAI-2009-066.