A vulnerability has been identified in Microsoft Office PowerPoint, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a user-after-free error when processing a malformed PPT document, which could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially crafted Powerpoint file.

Note: This vulnerability is being exploited in the wild.

Affected Products

Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

References

http://www.vupen.com/english/advisories/2009/0915
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
http://www.microsoft.com/technet/security/advisory/969136.mspx
http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx
http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Credits

Vulnerability reported by the vendor.

Changelog

2009-04-03 : Initial release
2009-05-12 : Updated Solution

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.