CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
Added: 03/04/2010
CVE: CVE-2010-0033
BID: 38107
OSVDB: 62241
Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself.
A stack overflow vulnerability in the handling of TextBytesAtom records allows command execution when a user opens a PowerPoint file containing an overly long TextBytesAtom record.
Install the update referenced in Microsoft Security Bulletin 10-004.
<http://www.zerodayinitiative.com/advisories/ZDI-10-017/>
Exploit works on Microsoft PowerPoint Viewer 2003 SP3 and requires a user to load the exploit file in the affected software.
It may take a longer than usual time to establish a shell connection after the user opens the exploit file.
Windows