copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » AA-2009.0081 -- [Win][Mac][OSX] -- PowerPoint: Execu...
 

AA-2009.0081 -- [Win][Mac][OSX] -- PowerPoint: Execute Arbitrary Code/Commands
Date: 03 April 2009

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AA-2009.0081                  AUSCERT Advisory

                              [Win][Mac][OSX]
                PowerPoint: Execute Arbitrary Code/Commands
                               3 April 2009
- ---------------------------------------------------------------------------

        AusCERT Advisory Summary
        ------------------------

Product:              PowerPoint 2000 Service Pack 3
                      PowerPoint 2002 Service Pack 3
                      PowerPoint 2003 Service Pack 3
                      PowerPoint 2004 for Mac
Publisher:            Microsoft
Operating System:     Windows
                      Mac OS
                      Mac OS X
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-0556
Member content until: Friday, May 01 2009

Original Bulletin:    http://www.microsoft.com/technet/security/advisory/969136.mspx

OVERVIEW:

        Microsoft have release a security advisory for a vulnerability in
        Microsoft Office Powerpoint 2000/2002/2003 Service Pack 3 and
        Microsoft Office 2004 for Mac


IMPACT:

        "Microsoft is investigating new reports of a vulnerability in
        Microsoft Office PowerPoint that could allow remote code execution
        if a user opens a specially crafted PowerPoint file. At this time,
        we are aware only of limited and targeted attacks that attempt to
        use this vulnerability." [1]


MITIGATION:

        "An attacker who successfully exploited this vulnerability could gain
        the same user rights as the local user.  Users whose accounts are
        configured to have fewer user rights on the system could be less
        affected than users who operate with administrative user rights.

        In a Web-based attack scenario, an attacker would have to host a Web
        site that contains an Office file that is used to attempt to exploit
        this vulnerability. In addition, compromised Web sites and Web sites
        that accept or host user-provided content could contain specially
        crafted content that could exploit this vulnerability. In all cases,
        however, an attacker would have no way to force users to visit these
        Web sites. Instead, an attacker would have to convince users to visit
        the Web site, typically by getting them to click a link in an e-mail
        message or Instant Messenger message that takes users to the
        attacker's Web site, and then convincing them to open the specially
        crafted PowerPoint file.

        The vulnerability cannot be exploited automatically through e-mail.
        For an attack to be successful a user must open an attachment that
        is sent in an e-mail message.

        Users who have installed and are using the Office Document Open
        Confirmation Tool for Office 2000 will be prompted with Open, Save,
        or Cancel before opening a document. The features of the Office
        Document Open Confirmation Tool are incorporated in Office XP and
        later editions of Office." [1]


REFERENCES:

        [1] Vulnerability in Microsoft Office PowerPoint Could Allow Remote
            Code Execution
            http://www.microsoft.com/technet/security/advisory/969136.mspx

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFJ1aRMNVH5XJJInbgRAkQ0AJ9qLArmktcCC2beIAZtiWueIzOLdwCcDpNa
gIA9FfCyKSliglriI3Px5Ys=
=+nRb
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=21&it=10759