April 2, 2009, 7:35PM

Microsoft issues PowerPoint zero-day warning

Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software.

According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as "limited and targeted."

Affected software:

Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

In the absence of a fix, Microsoft recommends the following workarounds:

  • Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources.
  • Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.
  • Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources.
    • The Microsoft Office Isolated Conversion Environment (MOICE) will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.
  • Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.
Shorten URL: http://threatpost.com/en_us/lG3. Click to copy to clipboard or post to Twitter

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
Please enter the two words below to help prevent spam.
Incorrect please try again
Enter the words above: Enter the numbers you hear:

 

Copyright © 2010 threatpost.com | Terms of Service | Privacy