<<< Date Index >>>     <<< Thread Index >>>

New CVE identifiers for separate PowerPoint 0-day issues assigned



New CVE documents have been published recently to clarify the existence of 
several 0-day type issues in Microsoft PowerPoint.
These are based to three PoCs posted to Bugtraq on Saturday 15th July.

CVE-2006-3655 - Unspecified vulnerability in mso.dll allows executing arbitrary 
code

CVE-2006-3656 - Unspecified vulnerability allows to cause memory corruption 
when closing a PowerPoint document

CVE-2006-3660 - Unspecified vulnerability in powerpnt.exe has unknown
impact

Some reports say code execution is not confirmed and some of these issues cause 
DoS state.
The newest PowerPoint version 2003 is reported as affected, however.

To avoid multiple CVE links this information has been updated to Microsoft 
PowerPoint 0-day Vulnerability FAQ document at
http://blogs.securiteam.com/?p=508
including several other updates and new entries too.

If these issues are confirmed to totally different vulnerabilities I'll remove 
this information from the FAQ document.
At time of writing it's very diffucult to say if these are separate issues. 
Additionally, only two security advisories have been published.

- Juha-Matti