Security Vulnerability In Powerpoint

[Peaches]

3 April 2009, 11:12

Security vulnerability in PowerPoint

Microsoft has warned of a vulnerability in their PowerPoint application that can be exploited with a specially crafted presentation file to allow remote execution of code. According to the report, the vulnerability is caused by an invalid object in memory and affects Microsoft Office PowerPoint 2000 Service Pack 3, 2002 Service Pack 3, 2003 Service Pack 3 and Microsoft Office 2004 for Mac. Other versions are reportedly not affected.

For an attack to be successful, the victim must open a manipulated PowerPoint file, perhaps received in an email. Currently, the vulnerability is only being exploited in targeted attacks. Microsoft has added the Win32/Apptom.gen exploit to its signature database.

No estimate has been given as to when a patch will be made available. Microsoft has said that it will release an update "depending on customer needs." There is still a known vulnerability, discovered in February, that remains to be patched. Traditionally, Microsoft classifies vulnerabilities in Office programs where a user must first open a file, as being non-critical – even if they can lead to the injection of malicious software.

See also:

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution, advisory from Microsoft.

Critical vulnerability in Excel - Updated, a report from The H.

Patch Tuesday: Windows 3, Excel 0, a report from The H.

(crve)

Heise security - http://www.h-online.com/security/Security-...t--/news/112998

and more here at The Register - http://www.theregister.co.uk/2009/04/03/po..._trojan_menace/

>>>>>>>>>>>>>