Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution

Report ID: SA201006550
Source: F-Secure
Date of Discovery: 10.11.2010
Criticality: Urgent
Affects:
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft PowerPoint Viewer 2007

Compromise From: From remote
Compromise Type: Remote code execution
System access

Summary

Vulnerabilities in Microsoft PowerPoint may be exploited using a specially crafted PowerPoint file to permit remote code execution, potentially allowing an attacker to take complete control of the system.

Detailed Description

The vulnerabilities are related to the way PowerPoint versions 2002 and 2003 handle specially crafted PowerPoint files. PowerPoint 2007 is not affected by these vulnerabilities; they do, however, affect PowerPoint Viewer 2007, which is delivered together with PowerPoint 2007.

A specially crafted PowerPoint file is required to target and exploit either one of the vulnerabilities. This file may be delivered as an attachment to an e-mail message or hosted on a website, which the user must be directed to in some way. In either case, the user must actively click and open the malicious PowerPoint file in order to be affected.

If the exploit is successful, an attacker can gain the same rights as the logged-in user. Users with administrative accounts may be more severely affected than those with fewer user rights.

Original Reference

http://www.microsoft.com/technet/security/Bulletin/MS10-088.mspx

CVE Reference

CVE-2010-2572
CVE-2010-2573