CVE-2008-1455

Name of the Vulnerable Software and Affected Versions Microsoft Office PowerPoint versions 2000 SP3 through 2007 SP1 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1 Office 2004 for Mac

Description A memory calculation error in Microsoft Office PowerPoint allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption. The vulnerability can be exploited by creating a specially crafted PowerPoint file that could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site. If successfully exploited, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office PowerPoint versions 2000 SP3 through 2007 SP1, update to a version that includes the fix for this issue. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1, update to a version that includes the fix for this issue. For Office 2004 for Mac, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of crafted PowerPoint files until a patch is available.