Microsoft Windows Knowledge Base Article 967340 update is not installed (WinMs09kb967340Update)

Vuln ID: 50281
Risk Level: High risk vulnerability  High WinMs09kb967340Update
Platforms: Microsoft Works: 8.5, Microsoft PowerPoint: 2000 SP3, Microsoft PowerPoint: 2002 SP3, Microsoft PowerPoint: 2003 SP3, Microsoft PowerPoint: 2007 SP1, Microsoft PowerPoint: 2007 SP2, Microsoft PowerPoint Viewer: 2003 SP3, Microsoft PowerPoint Viewer, Microsoft Office Compatibility Pack: 2007 SP2, Microsoft Works: 9.0, Microsoft Office: 2004 Mac OS, Microsoft Office: 2008 Mac OS, Microsoft Open XML File Format Converter: Mac OS
Description:

Microsoft Knowledge Base Article 967340 is not installed, which could allow a remote attacker to exploit the following vulnerabilities:

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by specifying an invalid index value during the parsing of OutlineTextRefAtom. By persuading a victim to open a malicious PowerPoint file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.

Microsoft PowerPoint is vulnerable to multiple stack-based buffer overflows, caused by improper bounds checking when reading a record header or record data from within PowerPoint files. By persuading a victim to open a malicious PowerPoint 4.0 file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when parsing two invalid record types within a PowerPoint file. By persuading a victim to open a malicious PowerPoint file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by an error when handling sound data within PowerPoint files. By persuading a victim to open a malicious PowerPoint 4.0 file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by an error when handling sound data within PowerPoint files. By persuading a victim to open a malicious PowerPoint 4.0 file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by an error when parsing a BuildList record within PowerPoint files. By persuading a victim to open a malicious PowerPoint file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by an error when handling sound data within a specially-crafted PowerPoint 95 file. By persuading a victim to open a malicious PowerPoint 95 file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.

Microsoft PowerPoint is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing a string in the PowerPoint file. By persuading a victim to open a specially-crafted PowerPoint file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing structures in a PowerPoint file. By persuading a victim to open a specially-crafted PowerPoint file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint is vulnerable to multiple stack-based buffer overflows, caused by improper bounds checking when reading record name strings or data that describes a sound object embedded within an older PowerPoint 95 formatted file. By persuading a victim to open a specially-crafted PowerPoint file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint is vulnerable to multiple stack-based buffer overflows, caused by improper bounds checking when reading sound data from within an older PowerPoint 95 formatted file. By persuading a victim to open a specially-crafted PowerPoint file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing structure values inside a Notes container. By persuading a victim to open a specially-crafted PowerPoint file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Microsoft PowerPoint is vulnerable to multiple stack-based buffer overflows, caused by improper bounds checking when processing certain atoms or reading overly large data in a PowerPoint file. By persuading a victim to open a specially-crafted PowerPoint file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Microsoft PowerPoint could allow a remote attacker to execute arbitrary code on the system, caused by an error when handling sound data within PowerPoint files. By persuading a victim to open a malicious PowerPoint 4.0 file, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.
Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-017. See References.
False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS09-017
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint index value code execution
http://xforce.iss.net/xforce/xfdb/49632

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint record header buffer overflow
http://xforce.iss.net/xforce/xfdb/50269

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint record types integer overflow
http://xforce.iss.net/xforce/xfdb/50270

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint sound code execution
http://xforce.iss.net/xforce/xfdb/50271

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint sound data code execution
http://xforce.iss.net/xforce/xfdb/50272

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint BuildList record code execution
http://xforce.iss.net/xforce/xfdb/50273

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint sound PowerPoint 95 code execution
http://xforce.iss.net/xforce/xfdb/50274

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint string buffer overflow
http://xforce.iss.net/xforce/xfdb/50275

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint structures buffer overflow
http://xforce.iss.net/xforce/xfdb/50276

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint name strings buffer overflow
http://xforce.iss.net/xforce/xfdb/50277

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint sound data buffer overflow
http://xforce.iss.net/xforce/xfdb/50278

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint notes buffer overflow
http://xforce.iss.net/xforce/xfdb/50279

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint atoms or data buffer overflow
http://xforce.iss.net/xforce/xfdb/50280

IBM Internet Security Systems X-Force Database
Microsoft PowerPoint sound data code execution
http://xforce.iss.net/xforce/xfdb/50425

ISS X-Force
Microsoft Windows Knowledge Base Article 967340 update is not installed
http://www.iss.net/security_center/static/50281.php

CVE CVE-2009-0220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0220

CVE CVE-2009-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0221

CVE CVE-2009-0222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0222

CVE CVE-2009-0223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0223

CVE CVE-2009-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0224

CVE CVE-2009-0225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0225

CVE CVE-2009-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0226

CVE CVE-2009-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0227

CVE CVE-2009-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1128

CVE CVE-2009-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1129

CVE CVE-2009-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1130

CVE CVE-2009-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1131

CVE CVE-2009-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1137

CVE CVE-2009-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0556
X-Force Logo
Know Your Risks		 Mitre.org CVE Logo
Common Vulnerabilties & Exposures