CVE-2009-0220

Name of the Vulnerable Software and Affected Versions Microsoft Office PowerPoint versions 2000 SP3 through 2003 SP3

Description The issue allows remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format. This is related to incorrect calculations from record headers or integers used to specify the number of bytes to copy. A remote code execution vulnerability exists in the way that Microsoft Office PowerPoint handles specially crafted PowerPoint files, which could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site.

Recommendations For Microsoft Office PowerPoint versions 2000 SP3 through 2003 SP3, consider avoiding the use of the PowerPoint 4.0 importer until a patch is available. As a temporary workaround, restrict the opening of PowerPoint files from untrusted sources to minimize the risk of exploitation.