본문 바로가기
취약점소식

[PowerPoint]Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability

by 잡다한 처리 2009. 4. 3.
반응형


오피스 파워포인트 2007이하는 모두 취약점이 있는 것으로 확인되었다.
제길 ㅠㅠ 난 2003인데 ;;;;;

Bugtraq ID:  34351 
Class:  Boundary Condition Error 
CVE:  CVE-2009-0556
Remote:  Yes 
Local:  No 
Published:  Apr 02 2009 12:00AM 
Updated:  Apr 02 2009 12:00AM 
Credit:  Microsoft 

Vulnerable: Microsoft PowerPoint 2004 for Mac 0
Microsoft PowerPoint 2003 SP3
+ Microsoft Office 2003 SP3
Microsoft PowerPoint 2003 SP2
+ Microsoft Office 2003 SP2
Microsoft PowerPoint 2003 SP1
+ Microsoft Office 2003 SP1
Microsoft PowerPoint 2003 0
+ Microsoft Office 2003 0
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2002 SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft PowerPoint 2002 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
Microsoft PowerPoint 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
Microsoft PowerPoint 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft PowerPoint 2000 SR1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
Microsoft PowerPoint 2000 SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3

[참고자료]
- http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
- http://www.microsoft.com/technet/security/advisory/969136.mspx
- http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx
- http://www.securityfocus.com/bid/34351/info
- http://www.krcert.net/secureNoticeView.do?seq=-1&num=321

저작자표시 비영리 변경금지

'취약점소식' 카테고리의 다른 글

[AdobeReader]Adobe Reader (getAnnots() 등)취약점으로 인한 피해 주의  (0) 2009.04.29
[Gom]GOM Player Subtitle Buffer Overflow Vulnerabiltity  (4) 2009.04.09
[Opera]Opera 9.64 (7400 nested elements) XML Parsing Remote Crash Exploit  (0) 2009.03.31
[TrendMicro]Trend Micro Internet Security Pro 2009 Priviliege Escalation PoC  (0) 2009.03.31
[Firefox]Mozilla Firefox XSL Parsing Remote Memory Corruption PoC 0day  (0) 2009.03.26

관련글

댓글

티스토리툴바