Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerabilityAdded: 01/12/2012
BackgroundMicrosoft PowerPoint is presentation software included in the Microsoft Office desktop suite.
ProblemThe vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attacker could exploit this flaw by convincing a victim to open a specially crafted PowerPoint file which contains a malformed ExtTimeNodeContainer record. Successful exploitation of this issue may allow execution of arbitrary code in the context of the affected user.
ResolutionApply the patch provided in Microsoft Security Bulletin MS11-022.
LimitationsExploit works on Microsoft PowerPoint 2007 SP2. The target user must open the exploit file in Powerpoint.
This exploit uses the perl CPAN modules IO::Uncompress and Compress::Zlib to compress the data transferred to the target.
Back to exploit index