Microsoft PowerPoint vulnerabilities could allow remote code execution
Report ID: MS201112008
Date Published: 14 December 2011
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft PowerPoint 2007
Microsoft PowerPoint 2010
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft PowerPoint Viewer 2007
Summary
Two vulnerabilities in Microsoft PowerPoint could lead to remote code execution and potentially allow an attacker to take control of an affected system.
Detailed Description
Microsoft has issued a security update for Microsoft PowerPoint to address two reported vulnerabilities, each of which could allow an attacker to execute arbitrary code. One vulnerability was caused by improper restriction of the path used for loading external libraries, while the other was caused by the reading of an invalid record in a PowerPoint file.
The update patches the two vulnerabilities by correcting the way that external libraries are loaded and by modifying the way OfficeArt records are validated. Users are advised to install this latest update to protect their systems from potential exploits.
CVE Reference
CVE-2011-3396
CVE-2011-3413
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-094




