Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Powerpoint Vulnerabilty and MalCode Review InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Powerpoint Vulnerabilty and MalCode Review

Published: 2006-07-22
Last Updated: 2006-07-22 18:36:01 UTC
by Kevin Liston (Version: 1)
0 comment(s)
Recent vulnerabilities affecting PowerPoint:

MS06-010: Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
CVE-2006-0004
CVSS base: 2.3

MS06-028: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
CVE-2006-0022
CVSS base: 5.6

Microsoft PowerPoint Unspecified Code Execution Vulnerability
CVE-2006-3590
CVSS base: 5.6
Vendor Announcements:
http://www.microsoft.com/technet/security/advisory/922970.mspx
http://blogs.technet.com/msrc/archive/2006/07/14/441893.aspx
Patch is currently un-available
Malcode exploiting this vulnerability has been identified, signatures are available.  
Aliases: Trojan.PPDropper.B, TROJ_MDROPPER.AS

Microsoft PowerPoint Memory Corruption Vulnerabilities
CVE-2006-3655
CVSS base: 5.6
Proof of concept code exists
Patch is currently un-available

CVE-2006-3656
CVSS base: 1.9
Proof of concept code exists
Patch is currently un-available

CVE-2006-3660
CVSS base: 5.6
Proof of concept code exists
Patch is currently un-available

These were reported on the Handler's Diary here: http://isc.sans.org/diary.php?storyid=1484
Keywords:
0 comment(s)
Diary Archives