ITSS-Advisory : HIGH : Microsoft : PowerPoint : Remote Code Execution
THREAT LEVEL
============
High. At least one vulnerability is being actively exploited. Exploit
software has been publicly available for around one month.
INFORMATION
===========
On 12 May 2009, Microsoft released one bulletin in its scheduled monthly
announcement. 14 vulnerabilities in PowerPoint are fixed. Accessing a
specially crafted PowerPoint file could result in remote code execution
on an affected computer.
More information is available at:
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
Extracted from the bulletin:
"For Microsoft Office PowerPoint 2007 Service Pack 1 and Microsoft Office
PowerPoint 2007 Service Pack 2, in addition to KB957789, customers also
need to install the security update for Microsoft Office Compatibility
Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 2 (KB969618) to be protected from the
vulnerabilities described in this bulletin."
"The updates for Microsoft Office 2004 for Mac, Microsoft Office 2008 for
Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5, Microsoft
Works 9.0 are still in development. Microsoft will issue updates on the
regular bulletin release cycle for these product lines when testing is
complete to ensure quality."
AFFECTED PLATFORMS
==================
PowerPoint in the following suites is affected:
- Microsoft Office 2000 Service Pack 3
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2007 Service Pack 1
- Microsoft Office 2007 Service Pack 2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
The following software is also affected:
- Open XML File Format Converter for Mac
- PowerPoint Viewer 2003
- PowerPoint Viewer 2007 Service Pack 1
- PowerPoint Viewer 2007 Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and
  PowerPoint 2007 File Formats Service Pack 1
- Microsoft Office Compatibility Pack for Word, Excel, and
  PowerPoint 2007 File Formats Service Pack 2
- Microsoft Works 8.5
- Microsoft Works 9.0
ACTION
======
Administrators of affected computers are advised to review the
bulletin, test and apply relevant updates.
Computers in the testbed will have the patch applied immediately,
and their performance will be monitored. The effects of the patch
on these computers will be sent to its-announce@unimelb.edu.au by
early afternoon on Fri 15 May 2009.