Microsoft Office PowerPoint Multiple Vulnerabilities

Secunia ID	SA31453
CVE-ID	CVE-2008-0120, CVE-2008-0121, CVE-2008-1455
Release Date	12 Aug 2008
Last Change	21 Aug 2008
Criticality	Highly Critical Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure. Such vulnerabilities can exist in services like FTP, HTTP, and SMTP or in client systems like email programs or browsers.
Solution Status	Vendor Patch
Software	Microsoft Office 2000 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2004 for Mac Microsoft Office 2007 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office PowerPoint 2003 Viewer Microsoft Office PowerPoint 2007 Microsoft Office XP Microsoft PowerPoint 2000 Microsoft PowerPoint 2002 Microsoft Powerpoint 2003
Where	From remote "From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network. This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Some vulnerabilities have been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error when handling CString objects can be exploited to corrupt memory via a specially crafted PowerPoint file. 2) A memory calculation error when processing malformed picture indexes can be exploited to corrupt memory via a specially crafted PowerPoint file. 3) A memory calculation error when processing list values can be exploited to corrupt memory via a specially crafted PowerPoint file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution	Apply patches. Microsoft Office PowerPoint 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=e7c044d8-778a-4985-b25b-4f7f6e4abadd Microsoft Office PowerPoint 2002 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=f8921074-7985-4d42-ac2b-d2f3b1d466ba Microsoft Office PowerPoint 2003 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f Microsoft Office PowerPoint 2003 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=7a7c21f0-5e0e-4dee-9710-1ce3d565913f Microsoft Office PowerPoint 2007: http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1 Microsoft Office PowerPoint 2007 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=55fd618a-e9c5-4f1e-b9a5-b2e47ec98ef1 Microsoft Office PowerPoint Viewer 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=911c8872-dec8-4b8e-9708-93dcabd3e036 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats: http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1: http://www.microsoft.com/downloads/details.aspx?familyid=84ce5d58-0010-4945-bce9-67a41f898f2f Microsoft Office 2004 for Mac: http://www.microsoft.com/downloads/details.aspx?FamilyId=EBD3AF0C-3F62-4D18-BF45-881655683BD5 NOTE: Microsoft has released new update packages for Microsoft Office PowerPoint 2003 Service Pack 2 and Microsoft Office PowerPoint 2003 Service Pack 3. Please see the vendor's advisory for further details.
Reported by	1,2) Ruben Santamarta, Reversemode.com via iDefense Labs. 3) The vendor credits ADLab, Venustech.
Original Advisory	MS08-051 (KB949785): http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=739