=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2011/VULN331
_____________________________________________________________________

DATE                      : 13/04/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Office version XP, 2003, 2007, 2010 2004, 2008,
                              Open XML File Format Converter for Mac, Microsoft Excel Viewer,
                              Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File
                                Formats, Microsoft PowerPoint Viewer.
======================================================================
KB2489283
http://www.microsoft.com/technet/security/Bulletin/MS11-022.mspx
______________________________________________________________________

Microsoft Security Bulletin MS11-022 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
(2489283)
Version: 1.0

General Information

Executive Summary

This security update resolves three privately reported vulnerabilities in
Microsoft PowerPoint. The vulnerabilities could allow remote code execution if
a user opens a specially crafted PowerPoint file. An attacker who successfully
exploited any of these vulnerabilities could gain the same user rights as the
local user. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with administrative
user rights. The automated Microsoft Fix it solution for PowerPoint 2010,
"PowerPoint 2010 Disable Edit in Protected View," referenced in Microsoft
Security Advisory 2501584 and available in Microsoft Knowledge Base Article
2501584, blocks the attack vectors for exploiting the vulnerabilities
described in CVE-2011-0655 and CVE-2011-0656.

This security update is rated Important for all supported releases of Microsoft
PowerPoint; Microsoft Office for Mac; Open XML File Format Converter for Mac;
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File
Formats; Microsoft PowerPoint Viewer, and Microsoft PowerPoint Web App. For
more information, see the subsection, Affected and Non-Affected Software, in
this section.

Affected Software

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Office for Mac 2011
Open XML File Format Converter for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File
   Formats Service Pack 2
Microsoft PowerPoint Viewer 2007 Service Pack 2
Microsoft PowerPoint Viewer

Vulnerability Information

Floating Point Techno-color Time Bandit RCE Vulnerability - CVE-2011-0655

A remote code execution vulnerability exists in the way that Microsoft
PowerPoint handles specially crafted PowerPoint files. An attacker could
exploit the vulnerability by creating a specially crafted PowerPoint file that
could be included as an e-mail attachment, or hosted on a specially crafted or
compromised Web site.

Persist Directory RCE Vulnerability - CVE-2011-0656

A remote code execution vulnerability exists in the way that Microsoft
PowerPoint handles specially crafted PowerPoint files. An attacker could
exploit the vulnerability by creating a specially crafted PowerPoint file
that could be included as an e-mail attachment, or hosted on a specially
crafted or compromised Web site.

OfficeArt Atom RCE Vulnerability - CVE-2011-0976

A remote code execution vulnerability exists in the way that Microsoft
PowerPoint handles specially crafted PowerPoint files. An attacker could
exploit the vulnerability by creating a specially crafted PowerPoint file
that could be included as an e-mail attachment, or hosted on a specially
crafted or compromised Web site.


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================