Attack vector NETWORK
Attack complexity MEDIUM
Privileges required NONE
Confidentiality impact COMPLETE
Integrity impact COMPLETE
Availability impact COMPLETE
Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leverage Executable Code in Non-Executable Files
- Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
|description||BUGTRAQ ID: 35275 CVE(CAN) ID: CVE-2009-0202 Microsoft PowerPoint是微软Office套件中的文档演示工具。 PowerPoint的Freelance Windows 2.1 Translator（FL21WIN.DLL）在解析布局信息时存在数组索引错误，如果用户受骗打开了恶意的PPT文件就可能触发堆溢出，导致执行任意指令。 安装了MS09-017更新的系统默认下会禁用对Freelance文件的支持，但可在注册表中手动重新启用。 Microsoft PowerPoint 2002 Microsoft PowerPoint 2000 厂商补丁： Microsoft --------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： <a href="http://www.microsoft.com/technet/security/" target="_blank" rel=external nofollow>http://www.microsoft.com/technet/security/</a>|
|title||Microsoft PowerPoint Freelance布局解析堆溢出漏洞|