PowerPoint exploit adds to Microsoft's busy week

News by Frank Washkuch Jr.

Another exploit for a popular Microsoft program has been found in the wild during an already hectic week for the software giant.

Another exploit for a popular Microsoft program has been found in the wild during an already hectic week for the software giant.

Experts from McAfee's Avert Labs said on a company blog this week that they found a new exploit for Microsoft PowerPoint in the wild.

Microsoft Office 2000, XP and 2003 are affected by the exploit, virus researcher Craig Schmugar said on Avert Labs' blog.

News of the new exploit came during a week when Redmond had already released an early patch for a flaw in Internet Explorer (IE) on Tuesday. Multiple attack vectors had been used to exploit that flaw.

McAfee researchers believe the exploit is part of a targeted attack, since a single target of the exploit has been discovered, he said.

Schmuger told SCMagazine.com today that the exploit could become more dangerous if its target scope widens.

"The flaw itself we rate as critical because remote code execution is possible and (hackers) could put whatever malware they want in a system," he said. "Right now, this is pretty contained, but as far as what it could do, it's pretty severe."

Microsoft's anti-virus (AV) products had just added detection for the malware on Saturday, according to McAfee.

When the trojan loads into PowerPoint, it runs a .exe file and installs two .dll files, which then get injected into Internet Explorer (IE) and post information to a malicious site.

McAfee said the risk to home and corporate users is low.

A Microsoft spokesperson said today that the company is investigating reports of limited zero-day attacks and will take appropriate action, and said the exploit affects PowerPoint versions 2000, 2002, 2003, 2004 for Mac and 2004 v. X for Mac.

"In order for this attack to be carried out, a user must first open a malicious Microsoft PowerPoint document that is sent as an email attachment or otherwise provided to them by an attacker," said the spokesperson.

Earlier this week, researchers at Sunbelt Software discovered a new zero-day exploit affecting IE and requiring no user interaction.

Researchers found two pornographic websites hosting the exploit, caused by a buffer overflow impacting the DirectAnimation Path ActiveX control.

Click here to email Frank Washkuch Jr.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike