{"vuid":"VU#190089","idnumber":"190089","name":"Microsoft PowerPoint malformed record vulnerability","keywords":["Microsoft","PowerPoint","arbitrary code execution","malformed record","ms06-june","MS06-028"],"overview":"Microsoft PowerPoint fails to properly handle malformed records. This may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Microsoft PowerPoint Microsoft PowerPoint is presentation software that is available on Microsoft Windows and Apple Mac platforms. PowerPoint documents A PowerPoint document is made up of a tree of records. These records can contain data or other records. The problem Microsoft PowerPoint fails to properly handle malformed records.","impact":"By convincing a user to open a PowerPoint document, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with the privileges of the user.","resolution":"Apply an update This issue is addressed in Microsoft Security Bulletin MS06-028. Note that Windows and Mac versions of PowerPoint are affected.","workarounds":"Do not open PowerPoint documents from untrusted sources By only accessing PowerPoint documents from trusted or known sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"Thanks to Microsoft Security for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.microsoft.com/technet/security/Bulletin/MS06-028.mspx","http://secunia.com/advisories/20633/"],"cveids":["CVE-2006-0022"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-13T18:16:07Z","publicdate":"2006-06-13T00:00:00Z","datefirstpublished":"2006-06-13T19:45:13Z","dateupdated":"2006-06-15T20:11:32Z","revision":3,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"15","cam_scorecurrent":"13.66875","cam_scorecurrentwidelyknown":"21.2625","cam_scorecurrentwidelyknownexploited":"36.45","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.66875,"vulnote":null}