As Microsoft issued an out-of-cycle patch for the much discussed VML vulnerability a new vulnerability in PowerPoint is being exploited in what looks like targeted attacks.

According to the blog of Craig Schmugar from McAfee's AVERT Lab (link below) a new vulnability is being exploited, so far in a few targeted attacks. Microsoft has issued an advisory giving no details at this stage but reporting that in order for this exploit to work a victim must open and infested attachment or a file on a malicious web site. This type of activity should of course not be engaged in.

Version of PP known to be vulnerable include PP2000, PP2002, PP2003, PP2204 for Mac and PP v. X for Mac.

This vulnerability has been given CVE Reference CVE-2006-4694 so you can follow its development as more information becomes available.

[--Ed].

Related links: (Open in a new window.)
www.avertlabs.com/research/blog/?p=95
www.microsoft.com/technet/security/advisory/925984.mspx
www.microsoft.com/security/encyclopedia/details.aspx?Name=Exploit:Win32/Controlppt.X
www.microsoft.com/security/encyclopedia/details.aspx?Name=Exploit:Win32/Controlppt.W
www.heise-security.co.uk/news/78815

View printable version (opens in new window)
Back