Vulnerability in PowerPoint
On September 27th, Microsoft released the following Security Advisory:
- 925984 Vulnerability in PowerPoint Could Allow Remote Code Execution.
Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in the following Microsoft products:
- PowerPoint 2000
- PowerPoint 2002
- PowerPoint 2003
- PowerPoint 2004 for Mac
- PowerPoint v. X for Mac
In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker.
Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.
A workaround for this vulnerability is to use PowerPoint Viewer 2003 to open and view files. PowerPoint Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack. To download the PowerPoint Viewer 2003 for free, visit the following website.
Source: Microsoft Security Advisory (925984)
Other related links: