
Microsoft PowerPoint OutlineTextRefAtom Parsing Vulnerability


Secunia ID

SA34572

CVE-ID

CVE-2009-0556

Release Date

03 Apr 2009

Last Change

10 Jun 2009

Criticality

Extremely Critical

Solution Status

Partial Fix

Software

Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office XP
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

A vulnerability has been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error when processing certain index values inside OutlineTextRefAtom atoms. When a specially crafted PowerPoint file is parsed, this may result in access to an invalid object in memory.

Successful exploitation allows execution of arbitrary code.

NOTE: According to Microsoft, the vulnerability is currently being actively exploited.

Solution

Apply patches.

Microsoft Office PowerPoint 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=f443312a-ac74-4ebc-a4ac-7a756aa67894

Microsoft Office PowerPoint 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=a24ec7ab-c1c7-4ddb-8b6e-107f1af67f49

Microsoft Office PowerPoint 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=ccfa978b-3340-40db-a45d-c880ba36b106

Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5557bfb7-ebb4-4c42-8042-41e830c4e550

Reported by

Reported as a 0-day.

Original Advisory

MS09-017 (KB957781, KB957784, KB957789, KB957790, KB967340, KB969615, KB969618, KB970059, KB969661):
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/969136.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-019/