Powerpoint vulnerability (August 2006)

I’m having to make sure I put the date in the title of these posts now…. over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day. There is a good FAQ over at securiteam.com.

It sounds kind of like what you’d expect… “specially crafted Powerpoint file leads to code execution.” There’s no details of which versions of Powerpoint, but I wonder if it may go back to the Office 97 era Powerpoint since the affected operating systems in the FAQ go back to Windows 95 (Was it possible to load Powerpoint 2000 on Windows 95… I guess it may have been.) There doesn’t yet seem to be any word from Microsoft on the issue. The bottom line here is to be cautious with files downloaded from unkown/unexpected and untrusted sources.

Update 8/24/06

According to Microsoft via betanews this is NOT a zero-day exploit and is an issue that’s already been fixed. In other words, if you’re up to date on your office updates you should be ok.

Related Posts

Blog Traffic Exchange Related Posts
  • The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
  • Lotus Notes WMF vulnerability This is really the same zero-day wmf vulnerability, but there is a twist. It's been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that's making the rounds. Probably not surprising given that there are reports of many vectors of attack, not......
  • Remote Tech Support with x11vnc and wrapper script So, the idea is that I wanted something "like" the Ultranvnc Single Click download, only for linux. The main idea being is that if someone is looking for a bit of desktop tech support on linux, we don't need to be giving instructions for 5 different package managers, or source......
Blog Traffic Exchange Related Websites
  • Home Office Ideas Home working has reached a level where it has once again become a major part of the economy. It is especially big in Europe. For example, approximately 4 million residents in the UK work from home necessitating the need to optimise their office spaces in order to improve efficiency, while......
  • Best Registry Cleaner - Fix Registry Errors Easily Even for experienced computer techs and professionals, registry errors is a touchy subject. Attempting to manually clean your pc’s registry database can multiply your problems instead of solving them. Without utilizing the best registry cleaner, your windows operating system is left open to many risks. If you have been a......
  • Generate SSH Keys in Two Easy Steps This post is probably as much for me as it is everyone else. I got sick of having to look up 3 or 4 different SSH keygen tutorials every time I needed to generate a private/public SSH key pair, so I thought I'd write up my own. Here's how to......
Fax Online    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Comments are closed.

Switch to our mobile site