Thursday, December 23, 2010
Tuesday, December 21, 2010
Dec 21 CVE-2009-0556 (corrected CVE) Christmas Messages.pps with stolen cert from Syniverse from firstname.lastname@example.org
Common Vulnerabilities and Exposures (CVE) number
CVE-2009-0556 Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
CVE-2010-2572 Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
I would like to have a more technical analysis and identification of the CVE in addition to this preliminary testing, so if you do it, please send it over and I will add it :) Thank you.
Comments: Shih-hao Weng (thank you) noted that he thinks it is CVE-2009-0556. I tested; indeed, the patch for CVE-2009-0556 (MS09-017 KB957784 May 12 2009) fixes it.
The only patch from Microsoft Updates that is automatically available and fixes it these days is MS10-088, which is for CVE-2010-2572. However, MS10-088 replaced earlier patches, including MS09-017 (CVE-2009-0556). CVE-2009-0556 was used a lot in malicious attachments in the past.
You cannot automatically install MS09-017 via Microsoft Updates (see below), but you can find it and install it manually (for SP3: MS09-017 KB957784, May 12 2009). MS10-004 KB976881 (Feb 4, 2010) would also fix it.
Everything in the post stays the same - except the CVE number changes to CVE-2009-0556 and the patches that will keep you safe are
For Office 2003 SP3