Remote Code Execution Vulnerability in Microsoft PowerPoint Products
CVE-2011-0656

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Powerpoint; Powerpoint Web App
Vendor: CVE Published:; 13 April 2011

Summary

Certain versions of Microsoft PowerPoint and related Microsoft Office applications are susceptible to a vulnerability that arises from improper validation of PersistDirectoryEntry records in PowerPoint documents. This flaw permits attackers to potentially execute arbitrary code or trigger memory corruption, which can lead to denial of service conditions. The issue is initiated through a Slide containing a malformed record that causes an exception during processing. If exploited, attackers can manipulate user systems and compromise data integrity.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

third-party-advisoryx_refsource_CERT

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 13, 2011
Vulnerability Reserved
Jan 28, 2011