PowerPoint Flaw Not a Vulnerability

It may seem ironic, imagining Microsoft breathing a sigh of relief upon discovering it's only a bug that takes down PowerPoint. But a proof-of-concept routine pointed out to Microsoft last October turned out not to be something exploitable for planting malicious code onto a system remotely.

As the company explained today on its security blog, a Perl script is capable of generating a malformed PPT file that, when run in PowerPoint 2003, will create a pointer that points out of bounds. The null address returned by this out-of-bounds pointer is then executed as though it were a function call, thus generating an exception.

The good news is, it isn't PowerPoint itself that generates this malformed PPT file, so there's not something there that needs an immediate patch for users worldwide. The even better news is that the exception cannot be exploited for remote code execution - it simply crashes PowerPoint.

As many long-time PowerPoint users will note, this is a regular occurrence anyway. A malicious user attempting to wreak havoc on Windows XP systems with PowerPoint 2003 using this method, would be about as effective as if he had trapped a mosquito in a mayonnaise jar only to release it on his unsuspecting office mates.

This issue is unrelated to PowerPoint exploits discovered last August, which were indeed exploited through Trojans. Microsoft says it will release a fix that addresses this particular issue not as a patch, but as part of the "next available ship vehicle for PowerPoint." Since Office 2007 was released to manufacturing on Monday, that could be a while.

In the meantime, Secunia continues to rate the bug as "highly critical."