CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.3%
Added: 01/12/2012
CVE: CVE-2011-0655
BID: 47252
OSVDB: 71771
Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite.
The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open a specially crafted PowerPoint file which contains a malformed **ExtTimeNodeContainer**
record. Successful exploitation of this issue may allow execution of arbitrary code in the context of the affected user.
Apply the patch provided in Microsoft Security Bulletin MS11-022.
<http://www.zerodayinitiative.com/advisories/ZDI-11-123/>
Exploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in Powerpoint.
This exploit uses the perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.
Windows