HTTP: PowerPoint File Multiples Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Microsoft PowerPoint file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Extended Description
Microsoft PowerPoint is prone to multiple remote vulnerabilities. Three proof-of-concept exploit files designed to trigger vulnerabilities in PowerPoint have been released. It is currently unknown if these three exploit files pertain to newly discovered, unpublished vulnerabilities or if they exploit previously disclosed issues. These issues may allow remote attackers to cause crashes or to execute arbitrary machine code in the context of the affected application, but this has not been confirmed. This BID will be updated and potentially split into individual records as further analysis is completed. Microsoft PowerPoint 2003 is vulnerable to these issues; other versions may also be affected.
Affected Products
Microsoft powerpoint_2003
Short Name
HTTP:STC:DL:PPT-FF-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2006-3656 CVE-2006-3876 CVE-2006-4694 CVE-2009-0220 CVE-2009-0221 CVE-2009-0223 CVE-2009-1129 CVE-2009-1137 File Multiples Overflow PowerPoint bid:18993 bid:19229 bid:20226
Release Date
10/07/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3730
False Positive
Unknown
Vendors
Microsoft
CVSS Score
2.6
9.3