In association with heise online

03 April 2009, 10:12

Security vulnerability in PowerPoint

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft has warned of a vulnerability in their PowerPoint application that can be exploited with a specially crafted presentation file to allow remote execution of code. According to the report, the vulnerability is caused by an invalid object in memory and affects Microsoft Office PowerPoint 2000 Service Pack 3, 2002 Service Pack 3, 2003 Service Pack 3 and Microsoft Office 2004 for Mac. Other versions are reportedly not affected.

For an attack to be successful, the victim must open a manipulated PowerPoint file, perhaps received in an email. Currently, the vulnerability is only being exploited in targeted attacks. Microsoft has added the Win32/Apptom.gen exploit to its signature database.

No estimate has been given as to when a patch will be made available. Microsoft has said that it will release an update "depending on customer needs." There is still a known vulnerability, discovered in February, that remains to be patched. Traditionally, Microsoft classifies vulnerabilities in Office programs where a user must first open a file, as being non-critical – even if they can lead to the injection of malicious software.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-740936
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit