Published: 13/04/2011 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft office 2004
microsoft powerpoint viewer 2007
microsoft powerpoint web app
microsoft powerpoint 2010
microsoft office compatibility pack 2007
microsoft office powerpoint viewer
microsoft office 2008
microsoft office 2011
microsoft open xml file format converter

CWE-20 http://www.vupen.com/english/advisories/2011/0941 http://www.securitytracker.com/id?1025340 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-0655

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect