CVE-2009-1129

Name of the Vulnerable Software and Affected Versions Microsoft Office PowerPoint versions 2000 SP3 through 2003 SP3

Description A remote code execution issue exists in the way Microsoft Office PowerPoint handles specially crafted PowerPoint files, potentially allowing attackers to execute arbitrary code. This is due to multiple stack-based buffer overflows in the PowerPoint 95 importer. An attacker could exploit this by creating a specially crafted PowerPoint file that could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site.

Recommendations For Microsoft Office PowerPoint versions 2000 SP3 through 2003 SP3, update to a version that includes the fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting the handling of PowerPoint 95 native file format files until a patch is available.