Another day, another zero-day MS exploit
PowerPoint threat to PCs and Macs
Posted in Applications, 28th September 2006 15:43 GMT
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
Business users are being encouraged to be more cautious when opening PowerPoint files following the discovery of an as yet unpatched flaw in Microsoft's office application.
Attackers might take advantage of the flaw to run hostile code on either Windows or Mac computers running various versions of the application. The security bug stems from an unspecified flaw in processing PowerPoint documents containing a malformed string, Secunia explains.
The vulnerability affects Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac and Microsoft PowerPoint v. X for Mac, according to an advisory from Microsoft.
Net security firm McAfee has already identified a Trojan that attempts to exploit the vulnerability on compromised Windows machines. The SANS Institute's Internet Storm Centre advises on steps to take to defend against the threat here.
The security flap over PowerPoint caps a bad week for Microsoft, which saw the release of an unscheduled patch to combat a serious day zero vulnerability in Internet Explorer (involving the handling of Vector Markup Language files) on Tuesday.
This isn't the first time a day zero vulnerability has been discovered in Microsoft PowerPoint, either. In a similar incident back in July, Chinese hackers exploited a different PowerPoint flaw in order to infect vulnerable Windows systems with a key-logging Trojan (dubbed Edepol-C), anti-virus firm Sophos reports. ®
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
Send corrections
IT infrastructure monitoring strategies
The new Office Garage series:
Data control in the cloud
Top 10 SIEM implementer’s checklist
