MS08-051 ? Critical: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) - Version:2.0

Severity Rating: Critical - Revision Note: V2.0 (August 20, 2008): Added note to the Affected Software table and entries to the Frequently Asked Questions (FAQ) Related to This Security Update section explaining that Microsoft has posted new update packages, labeled Version 2, for Microsoft Office PowerPoint 2003 Service Pack 2 and Microsoft Office PowerPoint 2003 Service Pack 3 to the Microsoft Download Center. Customers who manually installed Version 1 of this update from Microsoft Download Center need to reinstall Version 2 of this update. Customers who have installed this update using Microsoft Update or Office Update do not need to reinstall. Also removed erroneous mitigations from the vulnerability information sections for Memory Allocation Vulnerability - CVE-2008-0120 and Memory Calculation Vulnerability - CVE-2008-0121.Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Related Items