October 16, 2006 6:15 PM PDT

Another PowerPoint bug threatens

Related Stories

The future of malware: Trojan horses

October 13, 2006

A banner year for security bugs

October 11, 2006

Microsoft struggles with patch

October 10, 2006

Zero-day Wednesdays

July 24, 2006
Microsoft is investigating a report of a new, yet-to-be-fixed security vulnerability in PowerPoint.

Sample attack code that exploits the vulnerability has already been released on the Internet, a Microsoft representative wrote on a corporate blog late last week. Use of the code in an attack could cause a complete system compromise, according to Microsoft.

"The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially crafted PowerPoint file," wrote Alexandra Huft, a Microsoft Security Response representative. "We are not aware of any attacks attempting to use the reported vulnerability."

The flaw affects PowerPoint 2003, according to Microsoft. Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also list earlier versions as vulnerable. FrSIRT deems the issue "critical," while Secunia rates it "highly critical."

"The vulnerability is caused (by) an unspecified error when processing PowerPoint presentations," Secunia wrote in an advisory. For protection, people should not open Office documents received from untrustworthy sources, FrSIRT advices.

Word of the new PowerPoint flaw came only days after Microsoft last week released a slew of patches for Windows and Office. Several of the Office fixes were for flaws that also had previously been disclosed and some had been used in targeted cyberattacks.

Miscreants are taunting Microsoft with zero-day code, or attack code released immediately after a flaw or patch is made public, experts have said. Some security watchers have started to coin the term "zero-day Wednesday" to come after "Patch Tuesday," Microsoft's patch day on the second Tuesday of each month.

See more CNET content tagged:
Microsoft PowerPoint, flaw, vulnerability, attack, Microsoft Corp.

6 comments

Join the conversation!
Add your comment
Get the facts straight!
If you have any Microsoft products on your computer, you are 100+ times more vulnerable to attacks.
Posted by Microsoft_Facts (109 comments )
Reply Link Flag
Platform independant
It doesn't matter if you have a Mac or PC, your system is most vulnerable when you turn it on. These flaws are caused by twits and nolifs who live to cause trouble for others. It doesn't seem to make a difference what label is on the outside of the case.
Posted by Vegaman_Dan (6683 comments )
Link Flag
Get a life!
It's more correct if I say that by having Microsoft Windows Defender on your computer you are 100+ times less vulnerable to attacks.
Posted by Ryo Hazuki (378 comments )
Link Flag
Zero Day Wednesday
But this news isn't coming on a Wednesday! In fact I seem to recall only a couple time that an exploit for a patch released on Tuesday showed up the next day.

Perhaps the author of this article needs to do a little more research and not just continue to use the same hackneyed phrase over and over as if repetition will make it true.

(Note: That aside it is disappointing that we seem to be getting a never ending flow of exploits).
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.