Elia Florio

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader Plugin versions prior to 8.0.0 Adobe Reader versions prior to 7.1.4 Adobe Reader versions prior to 8.1.7 Adobe Reader versions prior to 9.2 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, when a long sequence of # (hash) characters is appended to a PDF URL. This is related to a cross-site scripting issue and can occur when the plugin is used with browsers such as Internet Explorer, Google Chrome, or Opera. **Recommendations** For Adobe Acrobat Reader Plugin version prior to 8.0.0, update to version 8.0.0 or later. For Adobe Reader version prior to 7.1.4, update to version 7.1.4 or later. For Adobe Reader version prior to 8.1.7, update to version 8.1.7 or later. For Adobe Reader version prior to 9.2, update to version 9.2 or later.

**Name of the Vulnerable Software and Affected Versions** PowerPoint (affected versions not specified) **Description** A remote code execution issue exists and could be exploited when a file containing a malformed shape container is parsed. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit this by constructing a specially crafted PowerPoint file that could allow remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2 Microsoft Office for Mac versions 2004, X Description: The issue allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. It is a remote code execution vulnerability that can be exploited by constructing a specially crafted PowerPoint file. Recommendations: For Microsoft Office 2000 SP3, update to a version that is not affected by this issue. For Microsoft Office XP SP3, update to a version that is not affected by this issue. For Microsoft Office 2003 SP1 and SP2, update to a version that is not affected by this issue. For Microsoft Office 2004 for Mac, update to a version that is not affected by this issue. For Microsoft Office X for Mac, update to a version that is not affected by this issue.