Vulnerability Discovered in Microsoft PowerPoint
(MS11-036, CVE-2011-1269, CVE-2011-1270)
Summary
A remote code execution vulnerability has been identified in Microsoft PowerPoint. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation may allow execution of arbitrary code on a targeted system.
Details
Microsoft PowerPoint is a popular graphics application for preparing slides and presentations.
The vulnerability arises when Microsoft PowerPoint fails to properly handle memory during function calls while parsing a specially crafted PowerPoint file. A remote attacker could trigger this flaw by convincing a victim to open a PowerPoint file that contains either a malformed RecolorInfo Atom or a malformed TextHeader Atom. Successful exploitation may allow execution of arbitrary code on a vulnerable system.
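A structural pre-check for the two record types named above, as an added example that is not taken from the advisory or from Check Point's IPS signatures. It assumes the `PowerPoint Document` stream has already been extracted from the OLE container and takes the record header layout and type values from the MS-PPT specification; because the advisory does not describe the specific malformation, it tests only generic length constraints, and the sample streams are constructed.

```python
import struct

# Record type values as listed in the MS-PPT specification.
RT_TEXT_HEADER_ATOM = 0x0F9F
RT_RECOLOR_INFO_ATOM = 0x0FE7
NAMES = {RT_TEXT_HEADER_ATOM: "TextHeaderAtom", RT_RECOLOR_INFO_ATOM: "RecolorInfoAtom"}
MAX_DEPTH = 32  # hypothetical nesting limit chosen for this example


def scan_records(buf, start=0, end=None, depth=0, findings=None):
    """Walk the records in buf[start:end]; return (offset, message) anomalies."""
    findings = [] if findings is None else findings
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        if end - pos < 8:
            findings.append((pos, "truncated record header"))
            break
        # 8-byte header: recVer (4 bits) + recInstance (12 bits), recType, recLen
        ver_inst, rec_type, rec_len = struct.unpack_from("<HHI", buf, pos)
        body = pos + 8
        name = NAMES.get(rec_type, f"0x{rec_type:04X}")
        if rec_len > end - body:
            findings.append((pos, f"{name}: recLen {rec_len} exceeds enclosing data"))
            break  # nothing after an overlong record can be trusted
        if rec_type == RT_TEXT_HEADER_ATOM and rec_len != 4:
            findings.append((pos, f"{name}: recLen {rec_len}, expected 4"))
        if ver_inst & 0xF == 0xF and depth < MAX_DEPTH:  # recVer 0xF = container
            scan_records(buf, body, body + rec_len, depth + 1, findings)
        pos = body + rec_len
    return findings


def rec(rec_type, payload, ver_inst=0, declared_len=None):
    """Build one record; declared_len overrides the true payload length."""
    n = len(payload) if declared_len is None else declared_len
    return struct.pack("<HHI", ver_inst, rec_type, n) + payload


# Constructed sample streams (container type 0x0FF0 is arbitrary here).
GOOD = rec(0x0FF0, rec(RT_TEXT_HEADER_ATOM, b"\0" * 4)
           + rec(RT_RECOLOR_INFO_ATOM, b"\0" * 16), ver_inst=0xF)
BAD_LEN = rec(0x0FF0, rec(RT_TEXT_HEADER_ATOM, b"\0" * 12), ver_inst=0xF)
BAD_OVERRUN = rec(0x0FF0, rec(RT_RECOLOR_INFO_ATOM, b"\0" * 8,
                              declared_len=0x1000), ver_inst=0xF)

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("bad_len", BAD_LEN), ("overrun", BAD_OVERRUN)):
        print(label, scan_records(data))
```

A clean result from this check does not mean a file is safe; it only rules out the length inconsistencies tested here.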
Affected Products
PowerPoint 2002 SP3 and PowerPoint 2003 SP3 are affected by this issue.
Solution
Check Point IPS Software Blade and SmartDefense provide network protection against this vulnerability in the latest IPS update by detecting and blocking the transfer of malformed PowerPoint files over HTTP. For more information, see CPAI-2011-247 and CPAI-2011-248.
Originally Published:
Last Updated: 10-May-2011