Exploit code targets unpatched PowerPoint flaw

Proof-of-concept exploit code has been released for a new, unpatched Microsoft PowerPoint flaw, continuing the trend of recent months where exploit code has surfaced for new flaws immediately after Microsoft's monthly patch release.

We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. Alexandra Huft, MSRC Blog

Alexandra Huft of the Microsoft Security Response Center said in the center's blog that the company is investigating the threat.

"We've been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint," Huft said. "The reported proof of concept may allow an attacker to execute code on a user's machine by convincing them to open a specially-crafted PowerPoint file. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time."

The French Security Incident Response Team (FrSIRT) said in an advisory that the problem is a memory corruption error that surfaces when malformed PowerPoint presentations are handled. Attackers could exploit this to run malicious code on victims' machines by tricking the user into opening a specially crafted document.

Due to the appearance of exploit code, FrSIRT has rated the flaw critical, while Danish vulnerability clearinghouse Secunia has rated it highly critical. The flaw affects PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, Office 2000, Office XP and Office 2003.

In its advisory, Secunia recommended Microsoft users mitigate the threat by not opening unexpected and unsolicited Office documents.

The appearance of exploit code for unpatched flaws right after Patch Tuesday has become a common occurrence in recent months. In this case, the threat surfaced two days after Microsoft released 10 security updates as part of its October patching schedule.

Days after its September patch release, Microsoft was forced to acknowledge an unpatched Internet Explorer flaw with exploit code. After the July patch release, a new zero-day flaw was found in PowerPoint. After the June patch release, a Microsoft Excel zero-day flaw surfaced.