Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| MS09-017 | |||
| ADV-2009-1290 | |||
| TA09-132A | |||
| 34835 | |||
| 1022205 | |||
| 20090512 Microsoft PowerPoint Integer Overflow Vulnerabi... |
KB957781 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB957784 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB957789 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB957790 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB967043 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB967044 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB969615 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB969618 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB969661 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB970059 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB971822 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
KB971824 | MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution