Business users are being encouraged to be more cautious when opening PowerPoint files following the discovery of an as yet unpatched flaw in Microsoft's office application.

Attackers might take advantage of the flaw to run hostile code on either Windows or Mac computers running various versions of the application. The security bug stems from an unspecified flaw in processing PowerPoint documents containing a malformed string, Secunia explains.

Net security firm McAfee has already identified a Trojan that attempts to exploit the vulnerability on compromised Windows machines. The SANS Institute's Internet Storm Centre advises on steps to take to defend against the threat here.

The security flap over PowerPoint caps a bad week for Microsoft, which saw the release of an unscheduled patch to combat a serious day zero vulnerability in Internet Explorer (involving the handling of Vector Markup Language files) on Tuesday.

This isn't the first time a day zero vulnerability has been discovered in Microsoft PowerPoint, either. In a similar incident back in July, Chinese hackers exploited a different PowerPoint flaw in order to infect vulnerable Windows systems with a key-logging Trojan (dubbed Edepol-C), anti-virus firm Sophos reports. ®

Related stories

• Hackers go after Excel (17 January 2008)
• One in five apps are insecure (21 December 2007)
• Microsoft zero-days said to target Office and Windows (11 April 2007)
• MS releases emergency cursor bug fix (4 April 2007)
• MS plans emergency update to fix blinking cursor bug (2 April 2007)
• Hackers target unpatched Office flaw (5 February 2007)
• IE 'unsafe' for 284 days last year (5 January 2007)
• eEye launches 0-day tracker site (7 December 2006)
• Unpatched bug bites Apple Mac OS X (22 November 2006)
• VXers suffering from 'writer's block' (21 November 2006)
• Five critical vulns mark November Patch Tuesday (15 November 2006)
• MS preps six fixes for November Patch Tuesday (10 November 2006)
• 0-day bug shatters Windows (6 November 2006)
• Ballmer: Microsoft helped security partners on Windows Vista (18 October 2006)
• Trojan download site spoofs IE7 release outlet (18 October 2006)
• Windows Update glitches derail Patch Tuesday (11 October 2006)
• Busy Patch Tuesday looms (6 October 2006)
• Virus-infected email hits rock bottom (2 October 2006)
• MS releases emergency IE fix (27 September 2006)
• Unofficial IE patch saves humanity (25 September 2006)
• Patch Tuesday omits critical Word fix (14 September 2006)
• Trojan targets 0-day Word vuln (5 September 2006)
• Unpatched enterprise security bugs proliferate (24 August 2006)
• Flaw finders lay siege to Microsoft Office (22 July 2006)
• When PowerPoint presentations attack (17 July 2006)
• Trojan exploits unpatched Word vulnerability (22 May 2006)