CVE-2008-0120 - Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary co

CVE-2008-0120

Summary

Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_powerpoint_viewer:2003:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 21:45)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-06-30T04:11:05.664-04:00

class

vulnerability

contributors

name Dragos Prisaca
organization Secure Elements, Inc.
name Dragos Prisaca
organization Secure Elements, Inc.
name Pradeep R B
organization SecPod Technologies
name Josh Turpin
organization Symantec Corporation
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	Microsoft PowerPoint Viewer is installed
oval	oval:org.mitre.oval:def:6014

description

family

windows

oval:org.mitre.oval:def:5768

status

accepted

submitted

2008-08-13T09:28:00

title

Memory Allocation Vulnerability

version

refmap via4

bid	30552
cert	TA08-225A
hp	HPSBST02360 SSRT080117
idefense	20080812 Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability
sectrack	1020676
secunia	31453
vupen	ADV-2008-2355

saint via4

bid	30552
description	Microsoft PowerPoint Viewer picture index CString object integer overflow
id	win_patch_pptview2003
osvdb	47406
title	powerpoint_viewer_cstring
type	client

Last major update

12-10-2018 - 21:45

Published

13-08-2008 - 00:41

Last modified

12-10-2018 - 21:45