Home / bulletins

MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) - Version:1.1

Posted on 27 June 2007

Severity Rating: Critical - Revision Note: Bulletin updated: Further investigation of CVE-2006-3877 as originally revealed that the update was not effective in removing the vulnerability from affected systems. The Microsoft Security bulletin, MS07-015 has been issued to properly address CVE-2006-3877 and customers should apply the updates in this bulletin immediately.Summary: This update addresses several newly discovered, privately and publicly reported vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section. When using vulnerable versions of PowerPoint, if a user were logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.