A parsing routine that is executed when PowerPoint 2000 opens files
contains an unchecked buffer. If an attacker inserted specially
chosen data into a PowerPoint file and could entice another user into
opening the file on his machine, the data would overrun the buffer,
causing either of two effects. In the less serious case, overrunning
the data would cause PowerPoint to fail, but wouldn´t have any other
effect. In the more serious case, overrunning the buffer could allow
the attacker to cause code of her choice to run on the user´s
machine. The code could take any action that the user himself could
take on the machine. Typically, this would enable the attacker´s code
to add, change or delete data, communicate with a remote server, or
take other actions.
A patch is available to fix this vulnerability. Please read Security Bulletin MS01-002 at: http://www.microsoft.com/technet/security/bulletin/ms01-002.asp for information on obtaining this patch.
contains an unchecked buffer. If an attacker inserted specially
chosen data into a PowerPoint file and could entice another user into
opening the file on his machine, the data would overrun the buffer,
causing either of two effects. In the less serious case, overrunning
the data would cause PowerPoint to fail, but wouldn´t have any other
effect. In the more serious case, overrunning the buffer could allow
the attacker to cause code of her choice to run on the user´s
machine. The code could take any action that the user himself could
take on the machine. Typically, this would enable the attacker´s code
to add, change or delete data, communicate with a remote server, or
take other actions.
A patch is available to fix this vulnerability. Please read Security Bulletin MS01-002 at: http://www.microsoft.com/technet/security/bulletin/ms01-002.asp for information on obtaining this patch.
