Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Powerpoint, yet another new vulnerability InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Powerpoint, yet another new vulnerability

Published: 2006-09-28
Last Updated: 2006-09-28 02:09:35 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
Microsoft confirms yet another powerpoint vulnerability that leads to code execution.



McAfee has a writeup of the exploit they detected against this vulnerability to connect back to http:// mylostlove1 .6600 .org/[CENSORED] but variants of this will most likely connect to other places.


It seems all supported versions of Office are affected. It's interesting to note that Microsoft also lists the Apple versions of Office as vulnerable.

Delivery vectors are basically all means to get the file to you, including web, email, thumb drives, CDs, ...


  • Do not to open ... but we all know how easy it is to social engineer people into opening things anyway.
  • Use the PowerPoint Viewer 2003 (nah, not an option if you have a Mac).
  • Filter and/or quarantine powerpoint files in the perimeter (prevent powerpoint email attachments and getting powerpoint files on the web), but it's not easy as it has genuine uses and it has the potential of not needed the ".ppt" file extention.
  • Keep antivirus signatures up to date.
  • Keep an eye out for a patch from Microsoft.
  • ...
If you do run into a sample we're interested in obtaining one (to add to our collection ;-) )

Swa Frantzen -- Section 66

0 comment(s)
Diary Archives