Affected Vendor:
Microsoft

 Affected Products:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP1 / SP2
Microsoft Office 2004 for Mac
Microsoft Office v.X for Mac

TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since October 10, 2006 by Digital Vaccine protection
filter ID 4770. For further product information on the TippingPoint IPS:

http://www.tippingpoint.com

 Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Microsoft Office. Exploitation requires
that the attacker coerce the target user into opening a malicious .PPT
file.

The specific flaw exists during the parsing of a malformed slide notes
field within the PowerPoint presentation. When PowerPoint attempts to
rebuild the malformed section, a pointer calculation is made based on
attacker controlled data from within the file. This pointer is later
dereferenced and can lead to arbitrary code execution with the
privileges of the user who opened the malicious file.

 Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx