Attackers target new Microsoft PowerPoint zero-day flaw

By SearchSecurity.co.uk Staff 03 Apr 2009 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

If successfully exploited, the flaw could allow remote code execution if a user is tricked into opening a malicious PowerPoint file. The software giant said attacks have been targeted and limited. Versions affected by the flaw are Office PowerPoint 2000 Service Pack 3, Office PowerPoint 2002 Service Pack 3, and Office PowerPoint 2003 Service Pack 3.

In a blog post describing the flaw, Bruce Dang and Jonathan Ness of Microsoft Security Response Center called the flaws the "first reliable exploits we have seen in the wild that infect Office 2003 SP3 with the latest security updates."

The malicious PowerPoint files contain a trojan dropper embedded within an exploit within the presentation. The files look legitimate making it easy for end users to be tricked into opening them. Users may not even notice something malicious ran in the background, Microsoft said.

As a workaround, Microsoft said organizations that have migrated to the newer XML file format can temporarily disable the binary file format using the FileBlock registry configuration. Organizations can also temporarily force all PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE).

Danish vulnerability clearinghouse, Secunia gave the flaw an extremely critical rating. "The vulnerability is caused due to an unspecified error that may result in access to an invalid object in memory when parsing a specially crafted PowerPoint file," Secunia said in its advisory.

Tags: Secure Coding and Application Programming,  Database Security Tools and Techniques,  Web Application Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Secure Coding and Application Programming Open source software security tops commercial apps, study finds Improving software with the Building Security in Maturity Model (BSIMM) How to prevent Adobe hacks from affecting your organisation SANS Institute, MITRE release new top 25 dangerous coding errors list Code complexity analysis: How to keep it simple Active PDF attacks target Reader, Acrobat zero-day vulnerability Software piracy group offers cash to whistleblowers SQL injection detection tools and prevention strategies Cross-site scripting explained: How to prevent attacks H.D. Moore speaks about Metasploit Project deal, Release 3.3 Database Security Tools and Techniques Multifunction security device safeguards SOA, streamlines company's infrastructure Safend expands data leakage prevention product to plug more gaps How to prevent memory dump attacks Database activity monitoring lacks security lift Report: Firms avoid encrypting backup tapes, databases Cryptography for the rest of us Recent breaches show data theft prevention basics lacking Unpatched vulnerability discovered in Microsoft SQL Server How to use Excel for security log data analysis SQL injection continues to trouble firms, lead to breaches Web Application Security Social networking risks, benefits for enterprises weighed by RSA panel How to prevent Adobe hacks from affecting your organisation Securing Web applications with Web application firewalls CISOs take measured steps to reduce social media risks Google to pay for Chrome browser vulnerabilities Facebook, McAfee partner to fix social network security issues PDF attack code complicates security analysis, skirts detection Annual security reports offer some hope Firefox, Opera, Safari browsers top list of high risk software Active PDF attacks target Reader, Acrobat zero-day vulnerability

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary