Exploit code targets unpatched PowerPoint flaw

By Bill Brenner, Senior News Writer 13 Oct 2006 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Proof-of-concept exploit code has been released for a new, unpatched Microsoft PowerPoint flaw, continuing the trend of recent months where exploit code has surfaced for new flaws immediately after Microsoft's monthly patch release.

We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. Alexandra Huft, MSRC Blog

Alexandra Huft of the Microsoft Security Response Center said in the center's blog that the company is investigating the threat.

"We've been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint," Huft said. "The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted PowerPoint file. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

The French Security Incident Response Team (FrSIRT) said in an advisory that the problem is a memory corruption error that surfaces when malformed PowerPoint presentations are handled. Attackers could exploit this to run malicious code on victims' machines by tricking the user into opening a specially crafted document.

Due to the appearance of exploit code, FrSIRT has rated the flaw critical, while Danish vulnerability clearinghouse Secunia has rated it highly critical. The flaw affects PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, Office 2000, Office XP and Office 2003.

In its advisory, Secunia recommended Microsoft users mitigate the threat by not opening unexpected and unsolicited Office documents.

The appearance of exploit code for unpatched flaws right after Patch Tuesday has become a common occurrence in recent months. In this case, the threat surfaced two days after Microsoft released 10 security updates as part of its October patching schedule.

Days after its September patch release, Microsoft was forced to acknowledge an unpatched Internet Explorer flaw with exploit code. After the July patch release, a new zero-day flaw was found in PowerPoint. After the June patch release, a Microsoft Excel zero-day flaw surfaced.

Tags: Microsoft Internet Explorer (IE),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Internet Explorer (IE) Admins can wear many hats using Netcat Patching third-party browsers adds more work in Windows shops Four Internet Explorer 8 Group Policy security settings Safe enterprise Web browsing: Five tips in five minutes Top client security tips of 2006 General security configuration: Step 1 Protection against international domain names, URL handling: Step 3 ActiveX opt-ins, information bar and cross-domain protection: Step 4 Windows Vista and IE7: Step 5 Phishing filter: Step 2

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary ActiveX  (SearchEnterpriseDesktop.com) ActiveX control  (SearchEnterpriseDesktop.com) Internet Explorer  (SearchEnterpriseDesktop.com) Internet Explorer Administration Kit  (SearchEnterpriseDesktop.com) tabbed browsing  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary