漏洞详情: CVE-2011-0656

漏洞标题
NVD 暂无描述信息
来源:NVD
Microsoft PowerPoint无效'PersistDirectoryEntry'记录远程代码执行漏洞
来源:CNNVD
漏洞描述
Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."
来源:NVD
Microsoft PowerPoint是美国微软(Microsoft)公司的Office套件中的一个文档演示工具。 Microsoft PowerPoint 2002 SP3,2003 SP3,2007 SP2和2010;基于Mac的Office 2004,2008和2011;基于Mac的Open XML File Format Converter;Word,Excel和PowerPoint 2007 File Formats SP2的Office Compatibility Pack;PowerPoi
来源:CNNVD
Microsoft PowerPoint 2002 SP3、2003 SP3、2007 SP2和2010; Office 2004、2008和2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word、Excel和PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2;和PowerPoint Web App 未正确验证 PowerPoint 文档中的PersistDirectoryEntry记录,这允许远程攻击者通过一个不完整的记录的Slide执行任意代码或导致拒绝服务(内存泄漏)。这触发了一个异常,并随后使用未指定的方法,即“Persist Directory RCE 漏洞”。
来源:神龙机器人
漏洞评分(CVSS)
NVD 暂无评分
来源:NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源:神龙机器人, 准确率:N/A
漏洞类别
NVD 暂无漏洞类别信息
来源:NVD
授权问题
来源:CNNVD
相关链接