|
 |
|
Microsoft PowerPoint Unspecified Code Execution Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA21978
|
|
|
Release Date:
|
2006-09-19
|
|
Last Update:
|
2006-09-20
|
|
|
Critical:
|
Extremely critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
|
|
Exploit code is available.
- Do you want to know when a patch is? |
|
|
Description:
NOTE: This advisory has been revoked. The information in this particular advisory was based on a claim made by Symantec. Symantec erroneously concluded that this was a previously undocumented and unpatched vulnerability. This conclusion was posted in their Symantec Security Response Weblog.
However, further investigation by Secunia has determined that this is in fact MS06-012. This has also been confirmed by Microsoft.
For more information about MS06-012:
SA19138
---
A vulnerability has been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error when parsing PowerPoint presentations.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being actively exploited.
The vulnerability has been reported in Chinese versions of PowerPoint 2000. Other versions may also be affected.
Solution:
Do not open untrusted Office documents.
Provided and/or discovered by:
Erroneously reported as a 0-day by Symantec.
Changelog:
2006-09-20: This advisory has been revoked based on further investigation and a statement by Microsoft which proves this to be related to the old MS06-012 bulletin and not a 0-day as claimed by Symantec in their description of the Trojan.PPDropper.E and in their Security Response Weblog on 19th September 2006.
Original Advisory:
Symantec:
http://www.symantec.com/enterprise/se...writeup.jsp?docid=2006-091810-5028-99
http://www.symantec.com/enterprise/se...9/exploit_for_unpatched_vulnerab.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
