Microsoft confirms new hole in PowerPoint
Users have learned to take the recent reports by antivirus makers about holes in PowerPoint with a grain of salt, since two of the warnings proved to be unfounded. But this time Microsoft itself is pointing to a new critical security hole in PowerPoint, through which rigged presentations can be used to install malware on computers. The hole affects Mac users, as well Windows users this time, since the hole is present in not only PowerPoint 2000, 2002 and 2003, but in PowerPoint 2004 for Mac and PowerPoint v. X as well.
According to McAfee, the first unofficial exploits for the hole are already on the net. Symantec is also purported to be analysing exploits. As Craig Schmugar muses in McAfee's Avert-Labsblog entry for Tuesday the 26th of September, Microsoft must have been aware of these kind of exploits, five days ago. A test using Microsoft's Malware Protection Scanner would have already recognised the exploits as Win32/Controlppt.W and Win32/Controlppt.X, although the last update of the scanner is dated 23 September. The exploits establish a connection with a specific server to receive commands.
Microsoft declined to elucidate the precise basis of the PowerPoint hole in its advisory. Because no patch is available as yet, the Redmond company recommends opening PowerPoint files exclusively with PowerPoint Viewer 2003 for now, since this does not contain the vulnerable code and is not susceptible to this attack.
- Vulnerability in PowerPoint Could Allow Remote Code Execution, Advisory from Microsoft
- New Day Zero Exploits PowerPoint Vulnerability by ISB