Intrusion Prevention

MS.PowerPoint.Malformed.Data.Record.Remote.Code.Execution

Description

This indicates an attempt to exploit a vulnerability in Windows and Mac versions of PowerPoint.
The vulnerability may allow user assisted attackers to execute arbitrary code via a crafted Data record in a "PPT" file.

Affected Products

PowerPoint in Microsoft Office 2000, 2002 and 2003.
PowerPoint in Office 2004 for Mac and Office v.X for Mac.

Impact

System Compromise: Arbitrary code execution.

Recommended Actions

The vendor has issued the following fixes:
Microsoft Office 2000 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=14A61FDA-BFE2-47CA-8313-40B772359994
Microsoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0FBD66FB-28BB-4587-9425-AD4A3F10651D
Microsoft Office 2003 Service Pack 1 or Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D0E30F77-B48F-4B8B-A6FA-105A354B1A4E
Microsoft PowerPoint 2004 for Mac:
http://www.microsoft.com/mac/
Microsoft PowerPoint v. X for Mac:
http://www.microsoft.com/mac/

CVE References

CVE-2006-3876