Intrusion Prevention



This indicates an attempt to exploit a remote Code Execution vulnerability in Microsoft PowerPoint.
The vulnerability can be exploited via a crafted ".ppt" file with a malformed "NamedShows" record. As a result a remote attacker can execute arbitrary code on a vulnerable system with the privileges of the PowerPoint user. This vulnerability is exploited by the "PPDropper.F" and "Exploit-PPT.d" malware.

Affected Products

Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft PowerPoint 2004 for Mac
Microsoft PowerPoint 2004 v. X for Mac


System Compromise: Remote code execution.

Recommended Actions

Apply the following patch:

CVE References