Microsoft PowerPoint 2003 Zero-Day Vulnerability

Type: Buffer Overflow
Impact of exploitation: Denial of Service
User Interaction: User interaction is needed
Attack Vector: Website or e-mail with malicious content
Rating: Medium
CVE reference: CVE-2006-5296
Vendor Status: Responded, not patched
Vulnerable systems: PowerPoint 2003; Windows XP SP0 - SP2; Windows 2003 SP0 - SP1; Windows 2000 SP4

Summary
A vulnerability exists in Microsoft PowerPoint that may allow for a denial of service attack. This can be exploited by visiting a malicious website or opening an email attachment.

Description

Microsoft PowerPoint is an industry-standard presentation application. A vulnerability is present in Microsoft PowerPoint that may allow for a crash of the PowerPoint application. This previously undisclosed and unpatched issue is due to errors in processing specially crafted PowerPoint documents. Successful exploitation could occur when a user visits a website hosting the file or when opening the PowerPoint email attachment.

McAfee Product Mitigation & Recommendations

Recommendations

McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time.

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature: Microsoft PowerPoint 2003 Zero-Day Vulnerability
Signature identifier: 4685
Release date: 10/17/2006

McAfee Intrushield

The following Intrushield User Defined Signature (UDS) protects against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: UDS-HTTP: Malformed PowerPoint File Transfer
Signature identifier: 0x4022ED00
Release date: 10/13/2006
First released in: sigset 3.1.22

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: Generic buffer overflow protection
Signature identifier: 428
Release date: 8/24/2000
First released in: 2.0

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

VSE8.0i and MVS protect against many buffer overflow exploits. McAfee Avert Labs will update DAT coverage for this vulnerability as new threats emerge.

Signature: Buffer Overflow Protection
Release date: 8/30/2004
First released in: build 131

Additional Resources

PoC published for MS Office 2003 PowerPoint

http://blogs.technet.com/msrc/default.aspx

Microsoft PowerPoint Unspecified Code Execution Vulnerability

http://secunia.com/advisories/22394/

Microsoft PowerPoint Unspecified Remote Unspecified Code Execution Vulnerability

http://www.securityfocus.com/bid/20495

Vulnerability Summary CVE-2006-5296

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5296

Microsoft Office 2003 unspecified PowerPoint buffer overflow

http://xforce.iss.net/xforce/xfdb/29507

Microsoft PowerPoint Presentation Handling Remote Code Execution Vulnerability

http://www.frsirt.com/english/advisories/2006/4031

Microsoft PowerPoint Unspecified Bug May Let Remote Users Execute Arbitrary Code

http://securitytracker.com/alerts/2006/Oct/1017059.html

Follow up information on weblog posting about PoC published for MS Office 2003 PowerPoint

http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx

Timeline

11/10/2006

Vendor has provided information on the vulnerability.

10/16/2006

Vulnerability information has been publicly disclosed.

10/16/2006

Vulnerability information has been publicly disclosed.

10/13/2006

Vulnerability information has been publicly disclosed.

10/13/2006

Vulnerability information has been publicly disclosed.

10/13/2006

Vulnerability information has been publicly disclosed.

10/13/2006

Vulnerability information has been publicly disclosed.

10/12/2006

Vendor has provided information on the vulnerability.

10/12/2006

Denial of service public exploit released
