United States
Anatomy of an ARP Poisoning Attack
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

News of PowerPoint zero-day vulnerability leaks out

Did I miss the memo that said, "Everyone pick on Microsoft Office"? First we had the zero-day Word flaw (subscription required), then a handful of Excel flaws; and now we have an unpatched PowerPoint vulnerability.

Researchers at Symantec have encountered a new trojan called Trojan.PPDropper.B. In explaining how the trojan works, Symantec mentions in "by the way" style that it exploits a code execution flaw in PowerPoint for Windows. No one has released an advisory detailing any such PowerPoint vulnerability, so this is the first public mention of it. From Symantec's description, I can see that it involves a malformed string that somehow corrupts memory, allowing for code execution. If an attacker can trick you into downloading and opening a specially crafted PowerPoint document, he can exploit this vulnerability to execute code on your machine, with your privileges. If you have administrative privileges, an attacker could probably exploit this flaw to gain complete control of your machine.

Luckily, the trojan hasn't spread much. Symantec considers it a low risk. However, unpatched vulnerabilities still make me pretty nervous; mostly with the next Microsoft Patch Day a whole month away. For now, inform your users not to open unexpected PowerPoint documents from friends or strangers. If you have a gateway device (such as a WatchGuard Firebox) that can block certain types of email and Web-based files, you can configure it to strip all PowerPoint documents if you like. Just tell your customers and partners to Zip legitimate ones.

Although I wish Microsoft would release an early, out-of-cycle patch for this flaw, based on their response to the previous, zero-day Excel flaws, I don't expect them to. The patch probably won't come out until August. I'll be sure to let you know when it's available either via the Wire or LiveSecurity and Informer. -- Corey Nachreiner, CISSP

 

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.