Another day, another zero-day MS exploit
PrintPowerPoint threat to PCs and Macs
Posted in Applications, 28th September 2006 15:43 GMT
Free whitepaper – Fundamental Principles of Generators for Information Technology
Business users are being encouraged to be more cautious when opening PowerPoint files following the discovery of an as yet unpatched flaw in Microsoft's office application.
Attackers might take advantage of the flaw to run hostile code on either Windows or Mac computers running various versions of the application. The security bug stems from an unspecified flaw in processing PowerPoint documents containing a malformed string, Secunia explains.
The vulnerability affects Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac and Microsoft PowerPoint v. X for Mac, according to an advisory from Microsoft.
Net security firm McAfee has already identified a Trojan that attempts to exploit the vulnerability on compromised Windows machines. The SANS Institute's Internet Storm Centre advises on steps to take to defend against the threat here.
The security flap over PowerPoint caps a bad week for Microsoft, which saw the release of an unscheduled patch to combat a serious day zero vulnerability in Internet Explorer (involving the handling of Vector Markup Language files) on Tuesday.
This isn't the first time a day zero vulnerability has been discovered in Microsoft PowerPoint, either. In a similar incident back in July, Chinese hackers exploited a different PowerPoint flaw in order to infect vulnerable Windows systems with a key-logging Trojan (dubbed Edepol-C), anti-virus firm Sophos reports. ®
Enabling the Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Windows 95 to Windows 7: How Microsoft lost its vision
Ubuntu's Karmic Koala bares fangs at Windows 7
Change your views: OS X tags exploited
Sun preps cell-phone Java plan for netbooks