[Microsoft Alert] Microsoft Security Bulletin MS06-028

Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

Issued: June 13, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft PowerPoint

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Recommendation: Customers should apply the update immediately

 

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

 

Vulnerability Details:

There is a remote code execution vulnerability in PowerPoint that uses a malformed record. An attacker could exploit the vulnerability by constructing a specially crafted PowerPoint file that could allow remote code execution.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

 

 

Affected Software:

Microsoft Office 2000 Service Pack 3

Microsoft PowerPoint 2000

 

Microsoft Office XP Service Pack 3

Microsoft PowerPoint 2002

 

Microsoft Office 2003 Service Pack 1 or Service Pack 2

Microsoft PowerPoint 2003

 

Microsoft Office 2004 for Mac

Microsoft PowerPoint 2004 for Mac

 

Microsoft Office v. X for Mac

Microsoft PowerPoint v. X for Mac

---