PowerPoint flaw leads to zero-day attacks

By Derek Sooman on September 29, 2006, 9:33 AM
Yet another serious security problem has hit Microsoft, this time affecting the PowerPoint application that is part of Microsoft Office. It has been revealed that a flaw in the application could allow a malevolent attacker to run malicious code, and that this issue can affect both Windows and Apple Mac versions of the software. The vulnerability is believed to affect Microsoft PowerPoint 2000/2002/2003. Seemingly, there have already been reports of limited "zero-day" attacks using this flaw.

The Microsoft security advisory on this flaw had this to say:

In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

Graham Cluley, senior technology consultant at Sophos, said it had been a "bad few weeks" for Microsoft, what with the recent major problem with the Vector Markup Language (VML) in Internet Explorer, and now this. Sophos is warning users to be extra careful when opening unsolicited files.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.