Advertisement
Promo

Security threats Toolkit

Zero-day PowerPoint flaw gives rise to attacks

Tom Espiner ZDNet.co.uk

Published: 03 Apr 2009 12:54 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Hackers have launched attacks targeting an unpatched flaw in Microsoft PowerPoint, Microsoft warned on Thursday.

The vulnerability, which affects Microsoft Office 2000 SP3, 2002 SP3 and 2003 SP3, can be exploited by getting a user to open a PowerPoint file rigged for the attack. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system.

In a security advisory, Microsoft said that at present, attacks are not widespread, but they are tailored to affect specific victims.

"Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file," said the advisory. "At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."

While there is currently no fix for the PowerPoint flaw, Microsoft said that it may release one outside its monthly patching schedule. Workarounds suggested by the company include users not opening files received from untrusted sources, using the Microsoft Office Isolated Conversion Environment (MOICE) to open untrusted files, and using Microsoft Office File Block policy to restrict the opening of Office 2003 and earlier documents.

Microsoft's last major PowerPoint patch, which came out in August 2008, addressed three critical flaws in the software.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
4 out of 4 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

1 comment

  1. Another day, another exploit – and this time it’s... lumension

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Official Organizations Losing Data

How does this article from earlier today make you feel? How many more government, health service, or military officials are going to lose pen drives, DVDs, USB hard disks and even entire... More

2 comments

Twitter hack was DNS redirect

Twitter has said an attack on Thursday which took the site offline for many users was the result of a DNS redirect. A group calling itself the Iranian Cyber Army redirected users... More

1 comment

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Win a BlackBerry with Vlingo voice recognition

Win a BlackBerry with Vlingo voice recognition

What is ZDNet UK's usual tagline?

Competition closes - 14 Jan 2010


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters