CVE-2011-0976

Name of the Vulnerable Software and Affected Versions Microsoft PowerPoint versions 2002 SP3, 2003 SP3, and 2007 SP2 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 PowerPoint Viewer 2007 SP2

Description The issue arises from the improper handling of Office Art containers with invalid records, allowing remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be triggered by a specially crafted PowerPoint document that contains a container leading to certain access to an uninitialized object. An attacker could exploit this by creating a specially crafted PowerPoint file, which could be sent as an email attachment or hosted on a specially crafted or compromised website.

Recommendations For Microsoft PowerPoint 2002 SP3, consider disabling the handling of Office Art containers until a patch is available. For Microsoft PowerPoint 2003 SP3, restrict access to specially crafted PowerPoint files to minimize the risk of exploitation. For Microsoft PowerPoint 2007 SP2, avoid opening PowerPoint documents from untrusted sources until the issue is resolved. For Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, and PowerPoint Viewer 2007 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.