Intrusion Prevention



This indicates an attempt to exploit a remote Code Execution vulnerability in Microsoft PowerPoint.
The vulnerability can be exploited via a specially crafted ".PPT" file with malformed values in the "GenericDateMCAtom", "HeaderMCAtom" and "FooterMCAtom" records. It may allow a remote attacker to execute arbitrary code with the privileges of the victim, on a vulnerable system.

Affected Products

Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003


System Compromise: Remote code execution.

Recommended Actions

Currently, we are not aware of any vendor supplied patches for this issue.

CVE References