CVE-2009-1130

Name of the Vulnerable Software and Affected Versions Microsoft Office PowerPoint versions 2002 SP3 through 2003 SP3 Microsoft Office 2004 for Mac

Description A heap-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file. This occurs when PowerPoint reads more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer. The vulnerability can be exploited by creating a specially crafted PowerPoint file that could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site.

Recommendations For Microsoft Office PowerPoint versions 2002 SP3 and 2003 SP3, update to a version that is not affected by this issue. For Microsoft Office 2004 for Mac, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of Notes containers in PowerPoint files until a patch is available.