Cisco Security

Vendor Announcements

  • Microsoft has released a security bulletin at the following link: MS10-088 

Fixed Software

  • Microsoft customers can obtain updates directly by using the links in the security bulletin. These updates are also distributed by Windows automatic update features and available on the Windows Update website. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.

Multivendor Vulnerability Alert

Microsoft Office PowerPoint Heap Corruption Arbitrary Code Execution Vulnerability

Alert ID:
First Published:
2010 November 9 18:31  GMT
Last Updated:
2010 November 10 15:42  GMT
CVSS Score:
Base 9.3, Temporal 6.9Click Icon to Copy Verbose Score
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
31439/0PowerPoint Integer Underflow Heap CorruptionS78203/31/2014
31439/0PowerPoint Integer Underflow Heap CorruptionS78203/31/2014

Revision History

  • Version Description Section Date

    Additional technical information that describes the Microsoft Office PowerPoint heap corruption arbitrary code execution vulnerability is publicly available.

    2010-November-10 15:42 GMT
    1 Microsoft Office PowerPoint contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the system with the privileges of the user.  Updates are available. 2010-November-09 18:31 GMT
    Show Less

Affected Products

  • The security vulnerability applies to the following combinations of products.

    Primary Products
    Microsoft, Inc.Microsoft PowerPoint Viewer2007 (Base, SP1, SP2)
    Office for Mac2004 (Base)
    PowerPoint2002 (Base, SP1, SP2, SP3) | 2003 (Base, SP1, SP2, SP3)
    Associated Products
    Microsoft, Inc.OfficeXP (2002) (Base, SP1, SP2, SP3) | 2003 (Base, SP1, SP2, SP3)