Critical Vulnerability Information

Vulnerability Overview

Title: Microsoft Office PowerPoint 2010 - Invalid Pointer Reference
Type: Denial of Service (DoS)
Affected Platform: Windows
CVE ID: 2016-3357
EDB-ID: 40406
Release Date: 2016-09-21
Verification Status: EDB Verified

Vulnerability Details

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=866

Test Environment: Microsoft PowerPoint 2010 running on Windows 7 x86 with Application Verifier enabled

File Versions:
- mso.dll: 14.0.7166.5000
- ppcore.dll: 14.0.7168.5000

Crash File: 3525170180.ppt

Crash Context

Register Information:
- EAX: 1979aea0
- ECX: 1979aea0
- EDX: 0024e340
- ESI: 00000000
- EDI: 00000000
- EIP: 663088d8
- ESP: 0024e330
- EBP: 0024e330

Call Stack

The call stack shows multiple functions.

Issue Analysis

- The ECX register points to invalid memory.
- Analysis of the call stack and disassembly reveals that an invalid value is passed as a parameter to the crashing function.
- A heap corruption issue exists in heap memory allocation; Application Verifier failed to detect it.

Proof of Concept (PoC)

A link to the PoC code is provided: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40406.zip