VRT Advisories

VRT Rules 2006-10-03

Sourcefire VRT Advisory

Date: 2006-10-03


The Sourcefire VRT has completed research into a vulnerability affecting Microsoft PowerPoint documents and has updated the OfficeCat tool to process .ppt files and determine whether possible exploit conditions are present.


Microsoft Security Advisory (925984):
Microsoft PowerPoint contains a vulnerability that may allow an attacker to execute code of their choosing on a vulnerable system via the use of a malformed .ppt file.

Note: A number of Trojan Horse programs are known to be using this vulnerability as an attack vector.

The OfficeCat tool has been updated to process Microsoft Office files to determine if the file contains possible exploit conditions relevant to this vulnerability.

OfficeCat tool download

download zip archive here

Instructions for use

  1. Unzip the archive
  2. Open a command shell
  3. Run the tool executable, passing the name of the document to check

About the VRT:

The Sourcefire VRT is a group of leading-edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.