Vulnerability found in PowerPoint

A security flaw has been found in Microsoft Office's presentation software, PowerPoint, that could leave a PC vulnerable to attack if exploited. A member of Microsoft's security team posted a message on the company's blog late last week stating that it was aware of the existence exploit code.

Alexandra Huft of Microsoft said it had "been made aware of proof-of-concept code published publicly affecting Microsoft Office 2003 PowerPoint," and added that it was currently investigating the reports.

Proof-of-concept code is generally created by security researchers in order to bring a company's attention - in this case Microsoft's - to flaws in its software. As yet, no malicious use of the code has been reported.

"We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," said Huft.

In the wrong hands, the code could allow an attacker to take control of a PC and to execute commands for just about any purpose he or she wished. This could be for sending out spam email or phishing attacks, for example.

All the attacker would have to do to take control of the PC would be to convince the user to open a specially-crafted PowerPoint file.

"The vulnerability is caused due to an unspecified error when processing PowerPoint presentations," security company Secunia states on its website, adding that users should not open untrusted Microsoft Office documents.

Secunia has given this vulnerability a 'highly critical' rating, the second highest level in its scale. According to the company, the flaw has only been repoprted in PowerPoint 2003 but other versions may be affected too.

http://blogs.technet.com/msrc/
http://secunia.com/

More news via RSS Post item to Del.icio.us Post item to Digg.com