Vulnerable function in newest PowerPoint case (MS Advisory #925984)

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Vulnerable function in newest PowerPoint case (MS Advisory #925984)
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Fri, 6 Oct 2006 02:31:33 +0300 (EEST)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This PowerPoint vulnerability is described at Microsoft Security Advisory 
#925984
http://www.microsoft.com/technet/security/advisory/925984.mspx

It appears that the vulnerability is due to errors when executing VB script
SlideShowWindows.View.GotoNamedShow () automatically inside a PowerPoint 
presentation.

Information about the existence of related exploit code listed as NamedShows 
stack overwrite issue is public too.
The author and origin of the exploit code is not currently known.

Microsoft is reportedly working on a fix and Security Bulletin Advance 
Notification Program
reported about four upcoming October security bulletins affecting Microsoft 
Office recently.

- Juha-Matti

Prev by Date: [ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability
Next by Date: Hazir Site v2.0 Admin SQL Injection
Previous by thread: [ MDKSA-2006:180 ] - Updated php packages fix integer overflow vulnerability
Next by thread: Hazir Site v2.0 Admin SQL Injection
Index(es):
- Date
- Thread