CVE-2011-0656

Published: Apr 13, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."

Affected (12)

Products: Microsoft: Office, Office Compatibility Pack, Office Powerpoint Viewer, Open Xml File Format Converter, Powerpoint, Powerpoint Viewer, Powerpoint Web App

7 products

Office Compatibility Pack

Office Powerpoint Viewer

Open Xml File Format Converter

Powerpoint Viewer

Powerpoint Web App

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2004
Microsoft Office	Version 2008
Microsoft Office	Version 2011
Microsoft Office Compatibility Pack	Version 2007 sp2
Microsoft Office Powerpoint Viewer	All versions
Microsoft Open Xml File Format Converter	All versions
Microsoft Powerpoint	Version 2002 sp3
Microsoft Powerpoint	Version 2003 sp3
Microsoft Powerpoint	Version 2007 sp2
Microsoft Powerpoint	Version 2010
Microsoft Powerpoint Viewer	Version 2007 sp2
Microsoft Powerpoint Web App	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://osvdb.org/71770

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/517482/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/47251

Source: secure@microsoft.com

http://www.securitytracker.com/id?1025340

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2011/0941

Source: secure@microsoft.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-125

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761

Source: secure@microsoft.com

http://osvdb.org/71770

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/517482/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/47251

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025340

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2011/0941

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-125

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.