New PowerPoint zero-day threat appears
- 16 October, 2006 15:44
New proof-of-concept code targeting an unpatched vulnerability in Microsoft Office 2003 PowerPoint has become publicly available.
The new vulnerability was rated highly critical by security firm, Secunia, which described the flaw as being caused by an unspecified error when processing PowerPoint presentations.
A Microsoft Security Response Center blog posting said the company was aware of the proof-of-concept code.
"The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially crafted PowerPoint file," the blog post said. It went on to note that Microsoft was monitoring the situation and was not aware of any actual attacks attempting to take advantage of the flaw.
Director of the rapid response team at Versign's iDefense business unit, Ken Dunham, said attacks against the flaw were increasingly likely with the availability of public exploit code.
Attacks to date against PowerPoint and Office based vulnerabilities had been highly targeted and sophisticated, he said.
Reports of the new flaw comes just three days after Microsoft rolled out patches for more than two dozen vulnerabilities in one of its largest-ever monthly security updates. Sixteen of the flaws patched this week were discovered in application software products. Exploits against many of those flaws - including one in PowerPoint - were already available before Microsoft's patch.