SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft PowerPoint Vendors:   Microsoft
[Duplicate] Microsoft PowerPoint Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016886
SecurityTracker URL:  http://securitytracker.com/id/1016886
CVE Reference:   CVE-2006-4854   (Links to External Site)
Updated:  Sep 20 2006
Original Entry Date:  Sep 19 2006
Impact:   Execution of arbitrary code via network, User access via network


Description:   A vulnerability was reported in Microsoft PowerPoint. A remote user can cause arbitrary code to be executed on the target user's system.

[Editor's note: This is a duplicate of CVE-2006-0009 [Alert ID 1015766] and will be deleted from our database shortly.]

A remote user can create a specially crafted PowerPoint file that, when loaded by the target user, will trigger a previously undocumented vulnerability to execute arbitrary code on the target system. The code will run with the privileges of the target user.

Symantec reported this vulnerability (assigining the name 'Trojan.PPDropper.E' to malicious code that attempts to exploit the vulnerability). The Symantec advisory is available at:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99

A FAQ from Juha-Matti Laurio is available at:

http://blogs.securiteam.com/?p=620

On September 19, 2006, MITRE/CVE reported that Microsoft has determined this vulnerability to be a duplicate of CVE-2006-0009 [Alert ID 1015766], instead of a new vulnerability.

[Editor's note: This duplicate entry will be deleted from our database shortly.]

Impact:   A remote user can create a PowerPoint file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   No solution was available at the time of this entry.

[Editor's note: This is a duplicate of CVE-2006-0009 [Alert ID 1015766] and was corrected by MS06-012. This Alert will be deleted from our database shortly.]

Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  New PowerPoint 2000 0-day vulnerability found

New zero-day vulnerability in Microsoft PowerPoint has been disclosed.

This vulnerability is being exploited by Trojan horse Trojan.PPDropper.E:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99

This dropper type file reportedly works in all Windows systems,
but the vulnerability itself has been confirmed in PowerPoint 2000 Chinese version.

According to Symantec the exact file size of malicious .PPT file is 1,072,128 bytes.
It drops another Trojan with backdoor capacity.

Related FAQ document is ready. The document entitled as Microsoft PowerPoint 0-day 
Vulnerability FAQ - September 2006, CVE-2006-xxxx

is located at my SecuriTeam Blogs section,
http://blogs.securiteam.com/?p=620

Regards,
Juha-Matti Laurio
Finland
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC