Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785) Network Vulnerability

Summary

This host is missing critical security update according to Microsoft Bulletin MS08-051.

Impact

Remote attackers could be able to corrupt memory locations via a specially crafted PowerPoint files. Impact Level : System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx

Insight

Multiple flaw are due to, - an integer overflow error when handling CString objects. - a memory calculation error when processing malformed picture indexes and list values.

Affected

Microsoft PowerPoint 2002/XP/2003/2007 on Windows (All). Microsoft PowerPoint Viewer 2003/2007 on Windows (All).

References

http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0120, CVE-2008-0121, CVE-2008-1455

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)
Microsoft DirectShow Remote Code Execution Vulnerability (2845187)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)

Take action and discover your vulnerabilities