Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-036.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious PPT file. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-036.mspx

Insight

The flaws are due to a memory corruption and buffer overflow error when parsing a malformed PowerPoint file, which could be exploited to execute arbitrary code via a malicious document.

Affected

Microsoft PowerPoint 2007 Converter Microsoft PowerPoint 2002 Service Pack 3 Microsoft PowerPoint 2003 Service Pack 3 Microsoft PowerPoint 2007 Service Pack 2

References

http://support.microsoft.com/kb/2535802
http://support.microsoft.com/kb/2535812
http://support.microsoft.com/kb/2535818
http://support.microsoft.com/kb/2540162
http://www.vupen.com/english/advisories/2011/1201

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1269, CVE-2011-1270
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Message Queuing Remote Code Execution Vulnerability (951071)
Microsoft .NET Framework Multiple Vulnerabilities (2916607)

Take action and discover your vulnerabilities