Attackers target new Microsoft PowerPoint zero-day flaw


Attackers target new Microsoft PowerPoint zero-day flaw Staff

Malicious Microsoft PowerPoint files are exploiting a newly discovered zero-day flaw in the presentation program, Microsoft warned Thursday.

If successfully exploited, the flaw could allow remote code execution if

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

a user is tricked into opening a malicious PowerPoint file. The software giant said attacks have been targeted and limited. Versions affected by the flaw are Office PowerPoint 2000 Service Pack 3, Office PowerPoint 2002 Service Pack 3, and Office PowerPoint 2003 Service Pack 3.

In a blog post describing the flaw, Bruce Dang and Jonathan Ness of Microsoft Security Response Center called the flaws the "first reliable exploits we have seen in the wild that infect Office 2003 SP3 with the latest security updates."

The malicious PowerPoint files contain a trojan dropper embedded within an exploit within the presentation. The files look legitimate making it easy for end users to be tricked into opening them. Users may not even notice something malicious ran in the background, Microsoft said.

As a workaround, Microsoft said organizations that have migrated to the newer XML file format can temporarily disable the binary file format using the FileBlock registry configuration. Organizations can also temporarily force all PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE).

Danish vulnerability clearinghouse, Secunia gave the flaw an extremely critical rating. "The vulnerability is caused due to an unspecified error that may result in access to an invalid object in memory when parsing a specially crafted PowerPoint file," Secunia said in its advisory.