RSSNew Zero-Day PowerPoint Exploit Hits
By Ed Oswald | Published August 21, 2006, 12:48 PM
A new zero-day exploit was disclosed over the weekend for an unpatched flaw in Microsoft's PowerPoint software, which could allow for an attacker to take complete control of an affected system and run arbitrary code.
Although details on the exploit are scant, it is known the malware that is distributing the exploit is a trojan horse.
It is believed that the flaw allowing for the attacks is a new vulnerability, although it may be related to some issues resolved in this month's Patch Tuesday updates. Affected operating systems include all versions of Windows, according to security researchers.
Finnish security expert Juha-Matti Laurio said that the exploit was first found last week in the wild. "The best advice is to use anti-virus software protecting from this specific malware and check that virus signature files are up-to-date," he wrote in the SecuriTeam blog Sunday.
Laurio identified the name of the file reportedly distributing the exploit, TROJ_SMALL.CMZ, and said the size of the PowerPoint file delivering the offending code is 72K. A check of the top antivirus programs did not show that antivirus definition files were protecting against the exploit, although Laurio said that some may already be doing so, but have not updated their Web sites due to the weekend.
In the meantime, Laurio stressed PowerPoint users should use caution when opening up files from outside sources until a fix is provided. "These days you can't trust that the sender information included to message PowerPoint file attached is truthful," he said. "If you are not sure, you can always call to the sender if e-mail including .PPT attachments arrives unexpectedly."
As of press time, Microsoft had not yet confirmed the issue. The company regularly announces new threats to Windows and Office, and schedules a fix for the next Patch Tuesday release.
Could a BETANEWS editor update the title please?
It is now known that this is an old bug that was patched almost half a year ago.
http://news.com.com/2061-10789_3-6107998.html
Score: 0
Well, I suppose we could say it's better than a -1 day exploit. :)
Score: 0
Someday surfing will be like surfing and less like walking barefoot in a cow pasture.
Score: 0
.^
Someone stepped on a goatse link. ;P
Score: 0
.cx
heh
Score: 0
Not supposed to accept/open a binary file like Powerpoint or other Office documents from anyone without proper and adequate virus protection.
Score: 0
Trend Micro says this is not a 0-day exploit, but exploit an old flaw (MS06-012).
“This Trojan is not a zero-day exploit. It attempts to exploit the Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability. It is seen that this Trojan has a similarity with other malware exploiting the said Vulnerability. Note that the shell code of the sample is actually located in the routing slip record. However, the shellcode does not manifest the said behavior.”
http://www.trendmicro.co...ROPPER%2EBH&VSect=T
According to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center), the vulnerability has already been resolved by an update.
"Our initial investigation is that this is not a new zero-day at all," Toulouse said in an e-mail exchange with eWEEK.
Score: 0
"In the meantime, Laurio stressed PowerPoint users should use caution when opening up files from outside sources until a fix is provided."
Or just open it in OpenOffice (etc), then you won't get infected*. :D
* - Disclaimer: I am not claiming OpenOffice (etc), are bug free, just that they do not share PowerPoint bugs and exploits, thus making any malformed PPT ineffective.
Score: 0
SO people should just hop back and forth between office versions as the one with the least 0-days is better off?
Smoke: me want it.
Score: 0
In general, people should not assume that OpenOffice is more secure. Here: http://news.com.com/Open...100-1002_3-6105176.html
Also, to quote a CNET security blog:
"Trend Micro has now run the sample of the Trojan horse through numerous tests and concluded that it doesn't work. "We can't get it to work on any version of Windows," Perry said."
Score: 0
OpenOffice.org has hit back at claims that the alternative office applications suite is riddled with security holes. Researchers at the French Ministry of Defense say that OpenOffice is subject to security weaknesses that make it at least as susceptible to computer viruses as the commercial, more widely used, Microsoft Office.
The French research paper, entitled an In-depth analysis of the viral threats with OpenOffice.org documents (PDF), looked at four proof-of-concept viruses and a variety of attack scenarios before concluding that the "general security of OpenOffice is insufficient," IDG reports. Among the risks highlighted were the possibility of creating malicious macros targeting OpenOffice documents.
"The viral hazard attached to OpenOffice.org is at least as high as that for the Microsoft Office suite, and even higher when considering some... aspects," the researchers, information security specialists at the French Ministry of Defense's Signal Corps, said. Their paper is due to be published Paris-based Journal in Computer Virology.
Score: 0
*yawn*
Score: 0
KABOOM, another zero-day exploit...
having fun in Microsux world? HAHAHA
Score: 0
...
It ain't news when it happens all the time.
BetaNews passes up ~real~ computer stories
to do stuff like this and articles on hybrid cars !
...
The Computer Rodent
...
Score: 0
People still use PowerPoint? Who knew!
Score: 0
Only managers (with too much time on their hands) as far as I know...
Score: 0
This is nice. Everytime I visit Betanews.
http://img520.imageshack...g520/6554/prompthy9.png
Score: 0
An ad image being served was password protected for some reason by one of the advertisers. They are fixing/have fixed it.
Score: 0
Cool deal.
Thanks. :)
Score: 0
Wow, another case of "Dont open stuff from people you dont know". If the exploit requires me to open a file from someone i dont know, then I am not worried at all about it.
Score: 0
As mentioned, it can "come" from someone you "do" know, so the advice is silly.
I think I've gotten about 1 powerpoint file from an external source in my life? the files really aren't e-mailed that often between companies/domains.
Score: 0
But you have to look at the powerpoint slide show going around with pictures from Tiger Woods' ocean-front house and the ruler of Dubai's palace. How can you resist? :)
Score: 0
If someone I know gets me infected then any further communications, via email, will be halted. Quite simple.
Score: 0