Powerpoint vulnerability (August 2006)



I’m having to make sure I put the date in the title of these posts now…. over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day. There is a good FAQ over at securiteam.com.


It sounds kind of like what you’d expect… “specially crafted Powerpoint file leads to code execution.” There’s no details of which versions of Powerpoint, but I wonder if it may go back to the Office 97 era Powerpoint since the affected operating systems in the FAQ go back to Windows 95 (Was it possible to load Powerpoint 2000 on Windows 95… I guess it may have been.) There doesn’t yet seem to be any word from Microsoft on the issue. The bottom line here is to be cautious with files downloaded from unkown/unexpected and untrusted sources.

Update 8/24/06

According to Microsoft via betanews this is NOT a zero-day exploit and is an issue that’s already been fixed. In other words, if you’re up to date on your office updates you should be ok.

Related Posts

Blog Traffic Exchange Related Posts
  • Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
  • The security of remote tech support (ultravnc sc or x11vnc with wrapper script) Well, I've got a nice way of doing "easy" one click (or one cut and paste) light desktop support for windows or linux, one uses ultravnc sc, the other uses x11vnc with a special wrapper script. So, what security flaws are there in this process? Well, for starters, I see......
  • Microsoft October 2006 patch Tuesday The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of......
Blog Traffic Exchange Related Websites
  • 12/22 - ETF Trading - Gain on EWH A small gain on our EWH trade: our etf exit signals triggered yesterday with a positive close. We gained .80% on EWH We have made 33 winning trades out of 41 for the year. That’s a winning percentage of better than 80%. Our goal is to produce more winning trades......
  • Tech Support - Funny Video Series While surfing through Youtube, I stumbled across this fun-filled tech support video series. All of the videos are sure to give you good amount of chuckle. I liked all of them, but first one is my favorite. Surely a stress buster after a bad day in office :) Enjoy! Tech......
  • Generate SSH Keys in Two Easy Steps This post is probably as much for me as it is everyone else. I got sick of having to look up 3 or 4 different SSH keygen tutorials every time I needed to generate a private/public SSH key pair, so I thought I'd write up my own. Here's how to......
PDF Creator    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site