funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerable function in the newest PowerPoint case (MS Advisory #925984)

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Sat, 7 Oct 2006 09:46:43 +0300 (EEST)
This PowerPoint vulnerability is described at Microsoft Security Advisory #925984
http://www.microsoft.com/technet/security/advisory/925984.mspx

It appears that the vulnerability is due to errors when executing VB script
SlideShowWindows.View.GotoNamedShow () automatically inside a PowerPoint presentation.

Information about the existence of related exploit code as NamedShows stack overwrite issue is public too.
The author and origin of the exploit code is not currently known.

Microsoft is reportedly working on a fix and on Thursday Security Bulletin Advance Notification Program reported about 
four upcoming October security bulletins affecting Microsoft Office.

- Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: