MS.PowerPoint.Malformed.Records.Code.Execution
Description
This indicates an attempt to exploit a remote code execution vulnerability in Microsoft PowerPoint.
The vulnerability can be exploited via a specially crafted .PPT file with malformed values in the "GenericDateMCAtom", "HeaderMCAtom" and "FooterMCAtom" records. As a result, a remote attacker can execute arbitrary code with the privileges of the victim on a vulnerable system.
Affected Products
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Impact
System compromise: remote code execution.
Recommended Actions
Currently, we are not aware of any vendor-supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |