Web App Attacks: Sneaking in the Front Door
WatchGuard Technologies, Inc.
WatchGuard Wire
Improve Your Security IQ

Crash bug in PowerPoint could get worse

A grey hat researcher called Nanika has discovered a zero-day PowerPoint vulnerability and released exploit code that will crash Microsoft's popular presentation software.

The exploit code -- a simple Perl script -- generates a malicious PowerPoint document (.ppt) that, when opened, crashes PowerPoint. According to comments in the Perl script, Nanika suspects it's possible to exploit this flaw to execute code. However, he hasn't proven this yet. He also doesn't specify exactly where the flaw lies in PowerPoint.

Microsoft is already aware of this new flaw. They mention it in a new post on their Security Response Center blog. However, they haven't released a patch for the flaw yet.

As it stands, I don't think this PowerPoint exploit poses much risk. Who really cares if PowerPoint crashes when you open a document? Just don't open that document again. That said, if the flaw is exploitable, someone will surely post a more malicious exploit any day now. I recommend you warn your users about this flaw and tell them to remain wary of unsolicited PowerPoint documents. If you manage a WatchGuard Firebox, you can also block all incoming PowerPoint documents using the HTTP and SMTP proxies. If one of your users really needs to receive a PowerPoint document, just have that user ask his sender to zip it first.

When I learn more about this flaw, I'll inform you either via the Wire or WatchGuard LiveSecurity and LiveSecurity Informer. -- Corey Nachreiner, CISSP

 

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.