CVE-2007-2494

Name of the Vulnerable Software and Affected Versions PowerPointViewer.ocx version 3.1.0.3

Description The issue is related to multiple stack-based buffer overflows in the PowerPointOCX ActiveX control. This can be exploited by remote attackers to cause a denial of service, specifically crashing Internet Explorer 7, by providing a long value for certain properties, including DoOleCommand, FTPDownloadFile, FTPUploadFile, HttpUploadFile, Save, SaveWebFile, HttpDownloadFile, Open, or OpenWebFile.

Recommendations For PowerPointViewer.ocx version 3.1.0.3, consider disabling the ActiveX control until a patch is available to prevent potential crashes of Internet Explorer 7. Restrict access to the properties that can cause the buffer overflows, such as limiting the length of input for DoOleCommand, FTPDownloadFile, FTPUploadFile, HttpUploadFile, Save, SaveWebFile, HttpDownloadFile, Open, or OpenWebFile, to minimize the risk of exploitation.