[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200906100740.n5A7ereg005732@ca.secunia.com>
Date: Wed, 10 Jun 2009 09:40:53 +0200
From: Secunia Research <remove-vuln@...unia.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Secunia Research: Microsoft PowerPoint Freelance
Layout Parsing Vulnerability
======================================================================
Secunia Research 10/06/2009
- Microsoft PowerPoint Freelance Layout Parsing Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
* Microsoft Office PowerPoint 2000
* Microsoft Office PowerPoint 2002
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Moderately critical
Impact: System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
"Microsoft Office PowerPoint 2007 enables users to quickly create
high-impact, dynamic presentations, while integrating workflow and
ways to easily share information. From the Microsoft Office Fluent
user interface to the new graphics and formatting capabilities, Office
PowerPoint 2007 puts the control in your hands to create great-looking
presentations.".
Product Link:
http://office.microsoft.com/powerpoint
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Microsoft
PowerPoint, which can be exploited by malicious people to compromise
a user's system.
The vulnerability is caused by an array-indexing error in the
Microsoft PowerPoint Freelance Windows 2.1 Translator (FL21WIN.DLL)
when parsing layout information and can be exploited to cause a
heap-based buffer overflow.
Successful exploitation allows execution of arbitrary code.
NOTE: On systems with MS09-017 applied, support for Freelance files
is disabled by default, but can be re-enabled via a key in the
registry.
======================================================================
5) Solution
Microsoft states that no fix will be issued. However, installations
with MS09-017 applied block opening of Freelance files by default.
Users having enabled Freelance file support should not open Freelance
files from untrusted sources.
======================================================================
6) Time Table
22/05/2009 - Vendor notified.
23/05/2009 - Vendor response.
03/06/2009 - Vendor informs that no security bulletin will be issued
as Freelance files are blocked by default after applying
MS09-017.
04/06/2009 - Vendor informed that Secunia agrees that a new security
bulletin is not required. It is, however, recommended to
update MS09-017 to inform users that Freelance support
has been disabled by default and should not be re-enabled
as the translator is affected by a critical
vulnerability.
10/06/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-0202 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-29/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists