Info

Disclosure

Oct 12, 2006

Discovery

Unknown

Dates

Exploit

Oct 12, 2006

Solution

Unknown

Description

A remote buffer overflow exists in Microsoft PowerPoint. PowerPoint fails to check the input of PPT files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

PowerPoint

2003

References

Security Tracker: 1017059
CVE ID: 2006-5296 (see also: NVD)
Bugtraq ID: 20495
Secunia Advisory ID: 22394
Milw0rm: 2523
Exploit Database: 2523
SCIP VulDB ID: 2610
ISS X-Force ID: 29507
Vendor Specific News/Changelog Entry: http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx
Other Advisory URL: http://www.frsirt.com/english/advisories/2006/4031 [ Link is 404 ]
News Article: http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553

Credit

nanika - nanikachroot.org -

Direct URL: http://osvdb.org/29720