Exploit code targets unpatched PowerPoint flaw


Exploit code targets unpatched PowerPoint flaw

Bill Brenner, Senior News Writer

Proof-of-concept exploit code has been released for a new, unpatched Microsoft PowerPoint flaw, continuing the trend of recent months where exploit code has surfaced for new flaws immediately after Microsoft's monthly patch release.

Alexandra Huft of the Microsoft Security Response Center said in the center's

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

blog that the company is investigating the threat.

"We've been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint," Huft said. "The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted PowerPoint file. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

The French Security Incident Response Team (FrSIRT) said in an advisory that the problem is a memory corruption error that surfaces when malformed PowerPoint presentations are handled. Attackers could exploit this to run malicious code on victims' machines by tricking the user into opening a specially crafted document.

Due to the appearance of exploit code, FrSIRT has rated the flaw critical, while Danish vulnerability clearinghouse Secunia has rated it highly critical. The flaw affects PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, Office 2000, Office XP and Office 2003.

In its advisory, Secunia recommended Microsoft users mitigate the threat by not opening unexpected and unsolicited Office documents.

The appearance of exploit code for unpatched flaws right after Patch Tuesday has become a common occurrence in recent months. In this case, the threat surfaced two days after Microsoft released 10 security updates as part of its October patching schedule.

Days after its September patch release, Microsoft was forced to acknowledge an unpatched Internet Explorer flaw with exploit code. After the July patch release, a new zero-day flaw was found in PowerPoint. After the June patch release, a Microsoft Excel zero-day flaw surfaced.