Alerts | Zero-Day Tracker | EEYEZD-20061012_2

Common Name:
Microsoft Office 2003 PPT Local DoS

Date Disclosed:
10/12/2006

Date Patched:
9/18/2007

Vendor:
Microsoft

Application:
PowerPoint 2003

Description:
A denial of service vulnerability exists within Microsoft PowerPoint which may allow for a remote attacker to cause PowerPoint to crash. This vulnerability requires user interaction. In a web-based scenario (e-mail, Web site), a user would still have to open a file manually, as it would not be auto-opened.

Severity:
Medium

Code Execution:
Potential Code Execution - Unverified

Impact:
This vulnerability has a minimum impact on networks as it only causes a Denial of Service for Microsoft PowerPoint.

Mitigation:
There is no mitigation for this vulnerability.

Protection:

• eEye's Blink® Personal Edition protects from this vulnerability.
• eEye's Blink® Professional Edition protects from this vulnerability.
• eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.

Patch:
Office 2003 SP3

Links:
CVE-2006-5296
First Public PoC Code Disclosure (Denial of Service)
MSRC Blog Post
Additional Vendor Response (Exploitability)

Status:
9/18/2007: Office 2003 SP3 Tested Non-Vulnerable