Remote Code Execution Vulnerability in Microsoft PowerPoint Products
CVE-2011-0655

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Powerpoint; Powerpoint Web App
Vendor: CVE Published:; 13 April 2011

What is CVE-2011-0655?

Microsoft PowerPoint products including various versions for both Windows and Mac exhibit a vulnerability due to improper validation of TimeColorBehaviorContainer Floating Point records. This flaw allows remote attackers to execute arbitrary code or trigger a denial of service through specially crafted PowerPoint documents. The risk is amplified as affected users may unknowingly open the malicious files, resulting in potential exploitation.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1025340

vdb-entryx_refsource_SECTRACK

EPSS Score

66% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Jan 28, 2011