CVE-2011-0656

Name of the Vulnerable Software and Affected Versions Microsoft PowerPoint versions 2002 SP3, 2003 SP3, 2007 SP2, and 2010 Office for Mac versions 2004, 2008, and 2011 Open XML File Format Converter for Mac Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 PowerPoint Viewer PowerPoint Viewer 2007 SP2 PowerPoint Web App

Description The issue arises from the improper validation of PersistDirectoryEntry records in PowerPoint documents, allowing remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be triggered by a Slide with a malformed record, leading to an exception and later use of an unspecified method. A remote code execution vulnerability exists in the way that Microsoft PowerPoint handles specially crafted PowerPoint files, which could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site.

Recommendations For Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010, update to a newer version to mitigate the risk. For Office for Mac versions 2004, 2008, and 2011, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk. For PowerPoint Viewer and PowerPoint Viewer 2007 SP2, update to a newer version to mitigate the risk. For PowerPoint Web App, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of PersistDirectoryEntry records in PowerPoint documents until a patch is available.