Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:037061F684C7241ABD70789C2F1DF809
HistoryJan 12, 2012 - 12:00 a.m.

Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

2012-01-1200:00:00
SAINT Corporation
download.saintcorporation.com
21

EPSS

0.948

Percentile

99.3%

JSON

Added: 01/12/2012
CVE: CVE-2011-0655
BID: 47252
OSVDB: 71771

Background

Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.

Problem

The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open a specially crafted PowerPoint file which contains a malformed **ExtTimeNodeContainer** record. Successful exploitation of this issue may allow execution of arbitrary code in the context of the affected user.

Resolution

Apply the patch provided in Microsoft Security Bulletin MS11-022.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-123/&gt;

Limitations

Exploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in Powerpoint.

This exploit uses the perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.

Platforms

Windows

Related

securityvulns 3
saint 3
seebug 1
zdi 2
checkpoint_advisories 2
nvd 1
prion 1
cve 1
cvelist 1
openvas 2
nessus 2
securityvulns
securityvulns
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability
2011-04-13 00:00:00
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
2011-04-13 00:00:00
Microsoft Office multiple security vulnerabilities
2011-04-17 00:00:00
saint
saint
Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability
2012-01-12 00:00:00
Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability
2012-01-12 00:00:00
Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability
2012-01-12 00:00:00
seebug
seebug
Microsoft PowerPointๆ— ๆ•ˆ&quot;TimeColorBehaviorContainer&quot;่ฎฐๅฝ•่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž(MS11-022)
2011-04-15 00:00:00
zdi
zdi
Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code Execution Vulnerability
2011-04-12 00:00:00
Microsoft PowerPoint TimeColorBehaviorContainer Floating Point Record Remote Code Execution Vulnerability
2011-04-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft PowerPoint Techno-color Time Bandit Code Execution - Ver2 (CVE-2011-0655)
2014-04-16 00:00:00
Microsoft PowerPoint Techno-color Time Bandit Code Execution (MS11-022; CVE-2011-0655)
2011-04-12 00:00:00
nvd
nvd
CVE-2011-0655
2011-04-13 18:55:01
prion
prion
Memory corruption
2011-04-13 18:55:00
cve
cve
CVE-2011-0655
2011-04-13 18:55:01
cvelist
cvelist
CVE-2011-0655
2011-04-13 18:00:00
openvas
openvas
Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
2011-04-13 00:00:00
Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
2011-04-13 00:00:00
nessus
nessus
MS11-022: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
2011-04-13 00:00:00
MS11-021 / MS11-022 / MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489279 / 2489283 / 2489293) (Mac OS X)
2011-04-13 00:00:00

EPSS

0.948

Percentile

99.3%

JSON
Related for SAINT:037061F684C7241ABD70789C2F1DF809
securityvulns3saint3seebug1zdi2checkpoint_advisories2nvd1prion1cve1cvelist1openvas2nessus2