Technology content trusted in North America and globally since 1999
8,221 Reviews & Articles | 62,285 News Posts

New Zero-Day Flaw for PowerPoint 2003

Remote Code execution by modded PowerPoint files
By: Sean Kalinich | Posted: Apr 3, 2009 3:16 pm

Looks like PowerPoint users need to be careful. There is a new attack that uses a modified power point presentation to execute remote code.


The attack works by attempting to access an invalid object in memory, which then paves the way for the malicious code.


Microsoft has released an advisory on this but has also said this attack seems to be targeted at specific victims.


The flaw affects PowerPoint 2003.


Details can be found here


New Zero-Day Flaw for PowerPoint 2003
Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.


We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.


Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.


Related Tags

Got an opinion on this news? Post a comment below!