27324 : Microsoft PowerPoint mso.dll PPT Processing Arbitrary Code Execution
Printer | http://osvdb.org/27324 | Email This | Edit Vulnerability

Views This Week

Views All Time

280

Info

Last Modified

9 months ago

Percent Complete

100%

Disclosure

Jul 14, 2006

Discovery

Unknown

Dates

Exploit

Jul 12, 2006

Solution

Unknown

Description

Microsoft PowerPoint contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when user opens a malicious PowerPoint PPT file that contains via a malformed shape container that leads to memory corruption in the mso.dll. It is possible that the flaw may allow execute arbitrary commands with user privileges resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch
Exploit: Exploit Available
Disclosure: OSVDB Verified, Discovered in the Wild
OSVDB: Context Dependent

Technical

This issue is actively being exploited in the wild by 'Trojan.PPDropper.B'.

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	PowerPoint	2000
		XP
		2003

References

Security Tracker: 1016496
Bugtraq ID: 18957
CVE ID: 2006-3590 (see also: NVD)
Secunia Advisory ID: 21040
ISS X-Force ID: 27740
CERT VU: 936945
FrSIRT Advisory: ADV-2006-2795
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0257.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0326.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0305.html
Generic Informational URL: http://blogs.securiteam.com/?p=508
Vendor Specific News/Changelog Entry: http://blogs.technet.com/msrc/archive/2006/07/14/441893.aspx
News Article: http://news.com.com/Microsoft+to+plug+PowerPoint+hole/2100-1002_3-6095181.html
http://news.com.com/New+PowerPoint+hole+used+in+cyberattacks/2100-1002_3-6094059. ......
http://www.eweek.com/article2/0,1895,1992128,00.asp
Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/922970.mspx
Other Advisory URL: http://www.schneier.com/blog/archives/2006/07/zeroday_microso.html
http://www.symantec.com/security_response/writeup.jsp?docid=2006-071212-4413-99
Microsoft Security Bulletin: MS06-048
Keyword: Trojan.PPDropper.B

Tools & Filters

Nessus	22190

Credit

Elia Florio - elia_floriosymantec.com - Symantec Corp.

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Technical

Solution

Products

Microsoft Corporation

PowerPoint

References

Tools & Filters

Credit

Blogs

Comments