Intrusion Prevention

MS.PPT.Invalid.TimeColorBehaviorContainer.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a remote Code Execution vulnerability in Microsoft Powerpoint.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious "PPT" file. A remote attacker may exploit this to execute arbitrary code via a crafted "PPT" file.

Affected Products

Microsoft PowerPoint Web App Web App
Microsoft PowerPoint Viewer 2007 SP2
Microsoft PowerPoint Viewer 2007 SP1
Microsoft PowerPoint Viewer 2007
Microsoft PowerPoint 2010
Microsoft PowerPoint 2007 SP2
Microsoft PowerPoint 2007 SP1
Microsoft PowerPoint 2007
Microsoft Open XML File Format Converter for Mac
Microsoft Office Compatibility Pack 2007 SP2
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Office Compatibility Pack 2007
Microsoft Office 2011 for Mac
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
Microsoft Open XML File Format Converter for Mac
Microsoft OpenXMLConverter119.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=0c323a12-6385-4666-ad39-a9516a8eda14
Microsoft Office 2008 for Mac
Microsoft Office2008-1229UpdateEN.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=84dfe3f4-a2a1-47b9-8da1-29ae67230918
Microsoft Office 2004 for Mac
Microsoft Office2004-1163UpdateEN.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=f756d836-6ab2-4adb-9dee-6cb523d7c1f5
Microsoft Office Compatibility Pack 2007 SP2
Microsoft Office2007-kb2464635-fullfile-x86-glb.exe
http://www.microsoft.com/downloads/details.aspx?FamilyID=913efc28-7deb-47b8-8c22-8eb5fc2631e4
Microsoft PowerPoint 2007 SP2
Microsoft PowerPoint2007-KB2464594-fullfile-x86-glb.exe
http://www.microsoft.com/downloads/details.aspx?familyid=6b2526fe-a061-4a17-992e-ac867bef130e
Microsoft Office 2011 for Mac
Microsoft Office2011-1410UpdateEN.dmg
http://www.microsoft.com/downloads/details.aspx?FamilyID=ef1e612f-d8e3-4628-9fe4-ad136f0debd3
Microsoft PowerPoint Viewer 2007 SP2
Microsoft office2007-KB2464623-fullfile-x86-glb.exe
http://www.microsoft.com/downloads/details.aspx?FamilyID=6e23d3c3-2944-42ea-80b3-0663af60d0f1
Microsoft PowerPoint 2010
Microsoft PowerPoint2010-kb2519975-fullfile-x86-glb.exe
http://www.microsoft.com/downloads/details.aspx?familyid=549ca7f0-44bf-4965-a9d2-aa5e8dac2238
Microsoft PowerPoint2010-kb2519975-fullfile-x64-glb.exe
http://www.microsoft.com/downloads/details.aspx?familyid=ef62deae-2b07-41c9-a4bf-b746566e59ee

CVE References

CVE-2011-0655