New Zero-Day PowerPoint Exploit Hits

A new zero-day exploit was disclosed over the weekend for an unpatched flaw in Microsoft's PowerPoint software, which could allow for an attacker to take complete control of an affected system and run arbitrary code.

Although details on the exploit are scant, it is known the malware that is distributing the exploit is a trojan horse.

It is believed that the flaw allowing for the attacks is a new vulnerability, although it may be related to some issues resolved in this month's Patch Tuesday updates. Affected operating systems include all versions of Windows, according to security researchers.

Finnish security expert Juha-Matti Laurio said that the exploit was first found last week in the wild. "The best advice is to use anti-virus software protecting from this specific malware and check that virus signature files are up-to-date," he wrote in the SecuriTeam blog Sunday.

Laurio identified the name of the file reportedly distributing the exploit, TROJ_SMALL.CMZ, and said the size of the PowerPoint file delivering the offending code is 72K. A check of the top antivirus programs did not show that antivirus definition files were protecting against the exploit, although Laurio said that some may already be doing so, but have not updated their Web sites due to the weekend.

In the meantime, Laurio stressed PowerPoint users should use caution when opening up files from outside sources until a fix is provided. "These days you can't trust that the sender information included to message PowerPoint file attached is truthful," he said. "If you are not sure, you can always call to the sender if e-mail including .PPT attachments arrives unexpectedly."

As of press time, Microsoft had not yet confirmed the issue. The company regularly announces new threats to Windows and Office, and schedules a fix for the next Patch Tuesday release.