MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through Microsoft
PowerPoint.

Description :

The remote Windows host is running a version of Microsoft PowerPoint
that is affected by several vulnerabilities :

- A buffer overflow exists in the way the application
parses the PowerPoint file format, which can be abused
to execute arbitrary code if an attacker can trick a
user into opening a specially crafted PowerPoint 95
file using the affected application. Note that, by
default, opening such files is blocked in Microsoft
PowerPoint 2003 Service Pack 3. (CVE-2010-2572)

- An integer underflow exists in the way the application
parses the PowerPoint file format, which could lead to
heap corruption and allow for arbitrary code execution
when opening a specially crafted PowerPoint file.
(CVE-2010-2573)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS10-088

Solution :

Microsoft has released a set of patches for PowerPoint 2002 and
2003 as well as PowerPoint Viewer 2007.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 50529

Bugtraq ID: 44626, 44628

CVE ID: CVE-2010-2572, CVE-2010-2573