Microsoft has issued an advisory to warn about an under-attack zero-day vulnerability affecting its PowerPoint software.
According to the pre-patch advisory, the flaw allows remote code execution if a user opens a booby-trapped PowerPoint file. The company described the attacks as “limited and targeted.”
Affected software:
Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac
In the absence of a fix, Microsoft recommends the following workarounds:
- Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources.
- Do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.
- Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources.
- The Microsoft Office Isolated Conversion Environment (MOICE) will protect Office 2003 installations by more securely opening Word, Excel, and PowerPoint binary format files.
- Use Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.