Remote Code Exploit Leverages Legacy PowerPoint Files
( Microsoft Security Bulletin MS10-088, CVE-2010-2572 )
Summary
A remote code execution vulnerability has been identified in Microsoft PowerPoint. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system.
Details
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations.
The vulnerability is due to an issue in PowerPoint that results in its failure to properly parse PowerPoint 95 files. A remote attacker could trigger this flaw by convincing a victim to open a specially crafted PowerPoint file in legacy format. Successful exploitation of this issue may corrupt system memory, allowing execution of arbitrary code on a vulnerable system.
Affected Products
This issue exists in Microsoft PowerPoint 2002 SP3 and Microsoft PowerPoint 2003 SP3.
Solution
Check Point IPS Software Blade and NGX SmartDefense provide network protection for unpatched systems in the latest IPS update by detecting and blocking the transferal of legacy PowerPoint files over HTTP. For more information, see SBP-2010-30.
Originally Published:
Last Updated: 09-Nov-2010