Added: 09/19/2008
CVE: CVE-2008-0120
BID: 30552
OSVDB: 47406
Microsoft PowerPoint Viewer 2003 is a free tool which allows viewing of Microsoft PowerPoint presentations without requiring Microsoft PowerPoint itself.
An integer overflow vulnerability in the handling of CString objects allows command execution when a user opens a PowerPoint file containing a malformed picture index.
Install the update referenced in Microsoft Security Bulletin 08-051.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=739>
Exploit works on Microsoft PowerPoint Viewer 2003 and requires a user to load the exploit file in the affected software.
This exploit might not succeed on Windows XP SP2 systems without some of the older patches.
Execution of the exploit requires the Compress-Zlib PERL module if the use compression option is enabled.
Windows XP