[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Secunia Research: Microsoft PowerPoint Freelance Layout Parsing Vulnerability



====================================================================== 

                     Secunia Research 10/06/2009

    - Microsoft PowerPoint Freelance Layout Parsing Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Microsoft Office PowerPoint 2000
* Microsoft Office PowerPoint 2002

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately critical
Impact: System compromise
Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

"Microsoft Office PowerPoint 2007 enables users to quickly create
high-impact, dynamic presentations, while integrating workflow and 
ways to easily share information. From the Microsoft Office Fluent 
user interface to the new graphics and formatting capabilities, Office
PowerPoint 2007 puts the control in your hands to create great-looking
presentations.".

Product Link:
http://office.microsoft.com/powerpoint

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Microsoft 
PowerPoint, which can be exploited by malicious people to compromise 
a user's system.

The vulnerability is caused by an array-indexing error in the 
Microsoft PowerPoint Freelance Windows 2.1 Translator (FL21WIN.DLL) 
when parsing layout information and can be exploited to cause a 
heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code.

NOTE: On systems with MS09-017 applied, support for Freelance files 
is disabled by default, but can be re-enabled via a key in the
registry.

====================================================================== 
5) Solution 

Microsoft states that no fix will be issued. However, installations 
with MS09-017 applied block opening of Freelance files by default.

Users having enabled Freelance file support should not open Freelance
files from untrusted sources.

====================================================================== 
6) Time Table 

22/05/2009 - Vendor notified.
23/05/2009 - Vendor response.
03/06/2009 - Vendor informs that no security bulletin will be issued
             as Freelance files are blocked by default after applying
             MS09-017.
04/06/2009 - Vendor informed that Secunia agrees that a new security
             bulletin is not required. It is, however, recommended to
             update MS09-017 to inform users that Freelance support 
             has been disabled by default and should not be re-enabled
             as the translator is affected by a critical 
             vulnerability.
10/06/2009 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2009-0202 for the vulnerability.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-29/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/