After patches, Microsoft warns of PowerPoint attack

Just days after patching four bugs in PowerPoint, Microsoft Corp. is warning of a new attack targeting its presentation software.

"We've been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint," wrote Microsoft Security Program Manager Alexandra Huft in a Thursday blog posting. "The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted PowerPoint file."

Huft said that Microsoft is not aware of any attacks that take advantage of the bug, but with code now in circulation on public Web sites like Securitydot.net, the attack is easily available to attackers.

Her blog entry can be found here: http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx

Security vendor Secunia rates the flaw as highly critical because it could be exploited to gain accessed to a fully patched Windows system.

The flaw affects PowerPoint 2000, PowerPoint 2002 and PowerPoint 2003, as well as many versions of the Office suite, Secunia said. Its security advisory can be found here: http://secunia.com/advisories/22394/

Hackers have been keeping Microsoft's security team extremely busy over the past month, and Office in particular has been the focus of their efforts. On Tuesday, Microsoft released the largest number of bug fixes in recent memory patching 26 flaws in its Windows, Office and .Net framework products.

IDG News Service

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine