Microsoft Warns of Attacks on PowerPoint Vulnerability
Brian Prince writes on eWeek:
Hackers are launching attacks against an unpatched vulnerability in Microsoft Office PowerPoint, the company's popular presentation program.More here.
Microsoft described the attacks in an advisory as “limited and targeted” in scope, but cautioned that a successful exploit could allow a hacker to execute arbitrary code with the rights of the logged on user.
“The vulnerability is caused when Microsoft Office PowerPoint accesses an invalid object in memory when parsing a specially-crafted PowerPoint file,” according to the advisory. “This creates a condition that allows the attacker to execute arbitrary code.”
According to Microsoft, the malicious PowerPoint files are detected by the Windows Live OneCare safety scanner as Exploit:Win32/Apptom.gen. The products impacted by the bug are: Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3 and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is unaffected.