Exploit Exposes PowerPoint Zero-Day Vulnerability

The exploit successfully attacks PowerPoint 2003 even when fully patched with all the fixes, including the four released Tuesday.

Gregg Keizer, Contributor

October 13, 2006

1 Min Read

Just days after Microsoft issued a record 26 patches, including 16 for Office, on Friday Symantec confirmed that just-released exploit code attacks a new, zero-day vulnerability in the PowerPoint presentation software.

The exploit, which was posted to "milw0rm," a site that hosts an exploit database, successfully attacks PowerPoint 2003, even when the application has been fully patched, including the 4 fixes released Tuesday.

According to Symantec's alert, the exploit triggers a crash of PowerPoint. "It does not appear that the vulnerability can be leveraged to execute code, however the possibility has not been conclusively eliminated," said Symantec to customers of its DeepSight threat system. "[We have] tested the exploit and it is confirmed to work as advertised." Danish vulnerability tracker Secunia rated the threat as "highly critical," its second-highest warning rank.

The exploit can be delivered as a malformed PowerPoint file, Microsoft acknowledged. Microsoft's security team said Thursday that it was aware of the publicly-posted code and was investigating.

"We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," wrote Alexandra Huft, a security program manager with the Microsoft Security Response Center, on the group's blog. "As part of our investigation, we are working with our MSRA [Microsoft Security Response Alliance] partners to monitor and secure the ecosystem."

Microsoft Office's applications have been patched repeatedly in 2006, with 44 vulnerabilities fixed in the suite so far this year. Eight of the 44, have specifically involved PowerPoint.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights