Remote Code Execution Vulnerability in Microsoft PowerPoint Products
CVE-2011-3413

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Office Compatibility Pack; Powerpoint; Powerpoint Viewer
Vendor: CVE Published:; 14 December 2011

Summary

This vulnerability in Microsoft PowerPoint and related Office products can be exploited by remote attackers through specially crafted PowerPoint documents. The flaw arises due to improper handling of OfficeArt records, which could lead to memory corruption, allowing attackers to execute arbitrary code on the affected system. Users opening a maliciously crafted PowerPoint document may face serious security risks, including the potential for system compromise.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

55% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 14, 2011
Vulnerability Reserved
Sep 9, 2011