Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0976

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-0976
Last Modified 04 Oct 2011 10:52:42
Published 10 Feb 2011 02:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0976

Summary

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."

Vulnerable Systems

Application

  • Microsoft Powerpoint 2007


References

CERT - TA11-102A

MISC - http://zerodayinitiative.com/advisories/ZDI-11-044/

VUPEN - ADV-2011-0941

SECTRACK - 1025340

BUGTRAQ - 20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability

MS - MS11-022

SECUNIA - 43213

MISC - http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft

Related Patches

MS11-022 Security Update for Microsoft PowerPoint 2010, 32-Bit Edition (KB2519975)

MS11-022 Security Update for Microsoft PowerPoint 2010, 64-Bit Edition (KB2519975)

MS11-022 MS11-021 2489283 2489279 2525412 Microsoft Office 2011 for Mac Update 14.1.0


Last Updated: 27 May 2016 10:56:07