Another hole found in PowerPoint

Posted by Virus Bulletin on Oct 19, 2006

Proof-of-concept exploit shows further bug in slideshow software

Microsoft has issued an alert over a new potential zero-day exploit in its PowerPoint presentation software. The exploit is only a proof of concept and is as yet not thought to be in use by attackers.

The new bug comes just days after the monthly Patch Tuesday updates, one of which covered a previous hole in PowerPoint. It is believed to affect only the Office 2003 version of PowerPoint, and may result in remote code execution.

Microsoft released news of the vulnerability on its security blog. Alerts have also been issued by US-CERT and by Secunia, which has rated the problem as 'highly critical'.

Posted on 19 October 2006 by Virus Bulletin

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.