Intrusion Prevention

MS.PowerPoint.Malformed.Remote.Code.Execution

Description

This indicates an attempt to exploit a remote Code Execution vulnerability in Microsoft PowerPoint.
The vulnerability can be exploited via a crafted ".ppt" file with a malformed "NamedShows" record. As a result a remote attacker can execute arbitrary code on a vulnerable system with the privileges of the PowerPoint user. This vulnerability is exploited by the "PPDropper.F" and "Exploit-PPT.d" malware.

Affected Products

Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft PowerPoint 2004 for Mac
Microsoft PowerPoint 2004 v. X for Mac

Impact

System Compromise: Remote code execution.

Recommended Actions

Apply the following patch:
http://www.microsoft.com/technet/security/bulletin/MS06-058.mspx

CVE References

CVE-2006-4694