Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft PowerPoint vulnerabilities could allow remote code execution


Report ID: MS201112008
Date Published: 14 December 2011

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft PowerPoint 2007
Microsoft PowerPoint 2010
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft PowerPoint Viewer 2007




Summary

Two vulnerabilities in Microsoft PowerPoint could lead to remote code execution and potentially allow an attacker to take control of an affected system.



Detailed Description

Microsoft has issued a security update for Microsoft PowerPoint to address two reported vulnerabilities, each of which could allow an attacker to execute arbitrary code. One of the vulnerability was caused when improperly restriction on the path used for loading external libraries, while the other was caused by a reading of an invalid record in a PowerPoint file.

Each vulnerability has been patched in the update by correcting the way that external libraries are loaded and modifying the way OfficeArt records are validated. Users are recommended to install this latest update to protect their system from potential exploits.



CVE Reference

CVE-2011-3396
CVE-2011-3413

 



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-094)




Online Virus Scanner

 
Run a quick online virus scan of your computer.