It looks like Patch Tuesday came too soon this month, as a highly critical issue with Microsoft PowerPoint 2003 has been revealed to the company.
That revelation included proof of concept code, according to Alexandra Huft, who posted news of the latest threat on Microsoft's Security Response Center blog:
I wanted to let you know that we've been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint. We are currently investigating this report. The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted PowerPoint file. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.
The Secunia advisory service also picked up on the proof of concept report. They have rated it 'highly critical,' their second highest rating, and briefly explained the problem with PowerPoint:
The vulnerability is caused due to an unspecified error when processing PowerPoint presentations.
The vulnerability is reported in Microsoft PowerPoint 2003. Other versions may also be affected.
Secunia cautioned PowerPoint users not to open untrusted Office documents to avoid exposure to a potential attack. Once exploited, the vulnerability could enable remote system access to a compromised system.
Microsoft recently delivered patches for a number of Critical-rated vulnerabilities in Windows and Office. That included several fixes for issues in PowerPoint.
Microsoft security bulletin MS06-058 identified four vulnerabilities in the most recent spate of patches for PowerPoint. Three of them were rated Critical, and all four posed a remote code execution threat before being corrected.
iEntry 10th Anniversary
RSS
Archive
Del.icio.us
Digg
Furl
