"Microsoft is investigating new public reports of limited 'zero-day' attacks using a vulnerability in PowerPoint 2000, PowerPoint 2002, Office PowerPoint 2003, PowerPoint 2004 for Mac, and PowerPoint 2004 [version] X for Mac," Microsoft said in an advisory.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
But for the attack to succeed, Microsoft noted, "a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker."
The French Security Incident Response Team (FrSIRT) said in an advisory that the flaw is in how malformed PowerPoint documents are handled. Attackers could exploit the flaw to run arbitrary commands on a targeted machine by tricking a user into opening a specially crafted document.
Two pieces of malware are actively exploiting the security hole: Trojan.Controlppt-W and Trojan.Controlppt-X, also known as PPDropper-F and Exploit-PPT-d.
Until a patch is released, Microsoft recommends users mitigate the threat by:
- Using PowerPoint Viewer 2003 to open and view files. PowerPoint Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack.
- Not opening or saving PowerPoint files received from untrusted sources, since the flaw could be exploited when a user opens a specially crafted PowerPoint file.
Meanwhile, Metasploit Framework creator H.D. Moore has discovered a flaw in Internet Explorer that attackers could exploit via malicious websites. Attackers could corrupt computer memory when the user visits one of these sites.
Danish vulnerability clearing house Secunia confirmed the flaw on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2 and noted that exploit code is publicly available.
"The vulnerability is caused due to an integer overflow error in the 'setSlice()' method in the 'WebViewFolderIcon' ActiveX control," Secunia said in an advisory. "This can be exploited to corrupt memory when visiting a malicious Web site."
Secunia said only trusted websites should be allowed to run ActiveX controls.
This article originally appeared on SearchSecurity.com.