Malicious attackers may use specially created PowerPoint files to crash a victim's computer. There are actually three separate vulnerabilities that occur when the application uses data taken directly from a PowerPoint presentation file as a pointer when saving or closing a malformed presentation. A malicious attacker can exploit this to corrupt memory and manipulate the program flow, and could allow a remote attacker access to a compromised system.
Additional Resources:
- French Security Incident Response Team: ADV-2006-2815
- National Institute of Standards and Technology: CVE-2006-3660
- National Institute of Standards and Technology: CVE-2006-3656
- National Institute of Standards and Technology: CVE-2006-3655
- Secunia advisory #: 21061