Trojan targets Microsoft PowerPoint flaw
Update: The exploit might be tied to an older flaw in Excel. Attackers who exploit the serious flaw could launch arbitrary code. Microsoft says it is investigating.
Update: A serious security hole affecting Microsoft PowerPoint is being attacked in the wild by a Trojan horse, Symantec Corp.'s DeepSight Threat Analysis Team warned late 12 July.
In an email analysis to customers, the Cupertino, Calif.-based antivirus giant said it is investigating to see if the exploit is tied to the previously known Microsoft Excel style handling and repair remote code execution flaw, with PowerPoint simply being used as a new attack vector. The company has advised IT administrators to make sure regular antivirus updates are applied as it carries out its investigation.
In its advisory, the DeepSight team said it has confirmed reports of an in-the-wild attack being performed with a maliciously crafted Microsoft Office PowerPoint file. "These attacks are exploiting a previously unknown and currently unpatched vulnerability affecting PowerPoint, and possibly Microsoft Office in general," Symantec said.
The exploit arrives via email as a Microsoft PowerPoint document attachment, Symantec said. When a user launches the PowerPoint document, the vulnerability is triggered and attackers are then able to run malicious code on a victim's machine.
"The vulnerability occurs when PowerPoint handles a specially malformed .ppt file most likely exploiting an issue in the 'MSO.DLL' library file," Symantec said, adding that it has released definitions for the malicious code used in this attack. The malicious code has been identified as Trojan.PPDropper-B.
This glitch affects Powerpoint 2003 and possibly other versions, Symantec said.
A Microsoft spokesman said on 13 July that it is investigating the issue, and may issue a security advisory or a security update through its monthly patch release process if necessary.
"Microsoft is aware of extremely limited, targeted attacks exploiting this vulnerability," Microsoft said. "In order for this attack to be carried out, a user must first open a malicious PowerPoint document that is sent as an email attachment, posted to a Web site or otherwise provided to them by an attacker. On more recent versions of PowerPoint, opening the PowerPoint document out of email will prompt the user to be careful about opening the attachment."
In addition to keeping antivirus programs updated, Symantec said IT administrators can blunt the threat by:
![]() |
||||
|
![]() |
|||
![]() |
Security experts have warned that not all known Office and Excel flaws were addressed Tuesday (.mp3).