Signature Detail
Short Name |
HTTP:STC:DL:PPT-FF-BOF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
PowerPoint File Multiples Buffer Overflow |
Release Date |
2010/10/07 |
Update Number |
1787 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: PowerPoint File Multiples Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Microsoft PowerPoint file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Extended Description
Microsoft PowerPoint is prone to multiple remote vulnerabilities. Three proof-of-concept exploit files designed to trigger vulnerabilities in PowerPoint have been released. It is currently unknown if these three exploit files pertain to newly discovered, unpublished vulnerabilities or if they exploit previously disclosed issues. These issues may allow remote attackers to cause crashes or to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. This BID will be updated and potentially split into individual records as further analysis is completed. Microsoft PowerPoint 2003 is vulnerable to these issues; other versions may also be affected.
Affected Products
- Microsoft PowerPoint 2003 SP1
- Microsoft PowerPoint 2003 SP2
- Microsoft PowerPoint 2003
References
- BugTraq: 18993
- BugTraq: 20226
- BugTraq: 19229
- CVE: CVE-2009-0220
- CVE: CVE-2009-1137
- CVE: CVE-2006-3656
- CVE: CVE-2006-4694
- CVE: CVE-2009-0221
- CVE: CVE-2006-3876
- CVE: CVE-2009-0223
- CVE: CVE-2009-1129