IMPORTANT INFORMATION REGARDING: Microsoft PowerPoint Vulnerability
OVERVIEW:
A vulnerability has been discovered in various software versions of
Microsoft PowerPoint. Exploitation of this vulnerability can lead to
code execution at the rights level of the logged in user. No patches or
workarounds have been released.
Microsoft has stated that exploit attempts have been seen in the wild,
on a limited/targeted basis.
AFFECTED VERSIONS:
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office XP
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft Powerpoint 2003
MITIGATING FACTORS:
As previously stated, successful exploitation limits malicious code
execution to the rights of the logged on user. Steps should be taken to
ensure permissions for various account types are regulated per
applicable policies.
Successful exploitation of this vulnerability requires user interaction
with the specially crafted PowerPoint file. Users would therefore have
to to click links in malicious e-mails, or otherwise convinced to visit
websites hosting malicious PowerPoint files. The best defense against
this is educating users on the dangers of accepting files and acting
upon links to websites provided to them via e-mail, IM, or other means
from unknown parties.
REPORTING AGENCIES:
Microsoft: