Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-036.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious PPT file. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-036.mspx

Insight

The flaws are due to a memory corruption and buffer overflow error when parsing a malformed PowerPoint file, which could be exploited to execute arbitrary code via a malicious document.

Affected

Microsoft PowerPoint 2007 Converter Microsoft PowerPoint 2002 Service Pack 3 Microsoft PowerPoint 2003 Service Pack 3 Microsoft PowerPoint 2007 Service Pack 2

References

http://support.microsoft.com/kb/2535802
http://support.microsoft.com/kb/2535812
http://support.microsoft.com/kb/2535818
http://support.microsoft.com/kb/2540162
http://www.vupen.com/english/advisories/2011/1201

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1269, CVE-2011-1270

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
Microsoft Excel Remote Code Execution Vulnerabilities (968557)
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
Cumulative Security Update for Internet Explorer (931768)
Microsoft Groove Remote Code Execution Vulnerability (2494047)

Take action and discover your vulnerabilities