Microsoft Corp. has released one Security Bulletins encompassing 14 vulnerabilities.
This report provides an initial summary of these pending issues.
Security Bulletin MS09-017:
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code
Execution (967340)
http://www.microsoft.com/technet/security/bulletin/MS09-017.mspx
CVE Number: CVE-2009-0220
iDefense Title: Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow
Vulnerability (iDefense Exclusive)
iDefense Master ID: 471164
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft
Corp.'s PowerPoint could allow an attacker to execute arbitrary code with
the privileges of the current user.
CVE Number: CVE-2009-0221
iDefense Title: Microsoft PowerPoint LinkedSlideAtom Integer Overflow Vulnerability
(iDefense Exclusive)
iDefense Master ID: 472088
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s
PowerPoint could allow an attacker to execute arbitrary code with the privileges
of the current user.
CVE Number: CVE-2009-0222
iDefense Title: Microsoft PowerPoint Legacy File Format 4.0 Sound Data Vulnerability
iDefense Master ID: 486033
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a file format vulnerability in versions 2003 Service
Pack 3 and prior of Microsoft Corp.'s PowerPoint could allow attackers to
execute arbitrary code on the targeted host.
CVE Number: CVE-2009-0223
iDefense Title: Microsoft PowerPoint 4.2 Conversion Filter Heap Corruption
Vulnerability (iDefense Exclusive)
iDefense Master ID: 471162
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s
PowerPoint could allow an attacker to execute arbitrary code with the privileges
of the current user.
CVE Number: CVE-2009-0224
iDefense Title: Microsoft PowerPoint Build List Memory Corruption Vulnerability
(iDefense Exclusive)
iDefense Master ID: 473281
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s
PowerPoint could allow an attacker to execute arbitrary code with the privileges
of the current user.
CVE Number: CVE-2009-0225
iDefense Title: Microsoft PowerPoint PP7 Memory Corruption Code Execution
Vulnerability
iDefense Master ID: 486035
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s
PowerPoint versions prior to PowerPoint 2007 could allow an attacker to execute
arbitrary code with the privileges of the targeted user.
CVE Number: CVE-2009-0226
iDefense Title: Microsoft PowerPoint 4.2 Conversion Filter Stack Buffer Overflow
(iDefense Exclusive)
iDefense Master ID: 472555
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft
Corp.'s PowerPoint could allow an attacker to execute arbitrary code with
the privileges of the current user.
CVE Number: CVE-2009-0227
iDefense Title: Microsoft PowerPoint PPT 4.0 Importer Multiple Stack Buffer
Overflow Vulnerabilities (iDefense Exclusive)
iDefense Master ID: 472028
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of multiple stack-based buffer overflow vulnerabilities
in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary
code with the privileges of the current user.
CVE Number: CVE-2009-0556
iDefense Title: Microsoft PowerPoint Memory Corruption Code Execution Vulnerability
iDefense Master ID: 484902
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s
PowerPoint could allow an attacker to execute arbitrary code with the privileges
of the targeted user.
CVE Number: CVE-2009-1128
iDefense Title: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow
Vulnerabilities (iDefense Exclusive)
iDefense Master ID: 469811
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of multiple stack-based buffer overflow vulnerabilities
in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary
code with the privileges of the current user.
CVE Number: CVE-2009-1129
iDefense Title: Microsoft PowerPoint PPT95 Import Multiple Stack Buffer Overflow
Vulnerabilities (iDefense Exclusive)
iDefense Master ID: 469019
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of multiple stack-based buffer overflow vulnerabilities
in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary
code with the privileges of the current user.
CVE Number: CVE-2009-1130
iDefense Title: Microsoft PowerPoint Notes Container Heap Corruption Vulnerability
(iDefense Exclusive)
iDefense Master ID: 474046
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s
PowerPoint could allow an attacker to execute arbitrary code with the privileges
of the current user.
CVE Number: CVE-2009-1131
iDefense Title: Microsoft PowerPoint Out-of-Bounds Memory Corruption Vulnerability
iDefense Master ID: 486034
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s
PowerPoint could allow an attacker to execute arbitrary code with the privileges
of the targeted user.
CVE Number: CVE-2009-1137
iDefense Title: Microsoft PowerPoint PPT 4.0 Importer Stack Buffer Overflow
Vulnerabilities (iDefense Exclusive)
iDefense Master ID: 486036
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 24, 2009
Remote exploitation of stack-based buffer overflow vulnerabilities in Microsoft
Corp.'s PowerPoint could allow an attacker to execute arbitrary code with
the privileges of the current user.